ak

Start the server

$ ak server

$ ak migrate

$ ak createsuperuser

$ ak export_blueprint

$ ak import_blueprint [blueprint.yaml]

$ ak create_recovery_key [username]

$ ak version

$ ak worker

ak command [options]

ak is the command-line interface for authentik, an open-source identity provider. It manages the authentik server, workers, database operations, and configuration import/export.
The server command starts the web interface and API server. Background tasks like email sending and LDAP synchronization require a worker process running separately.
Blueprints provide declarative configuration management. Export configurations with export_blueprint for version control or migration, and apply them with import_blueprint.
For account recovery when users are locked out, create_recovery_key generates a time-limited recovery URL. This requires access to the server command line.
authentik supports various authentication protocols including SAML, OAuth2/OIDC, LDAP, SCIM, and proxy authentication for applications that don't support SSO natively.

--bind address

Address for server to listen on.

Display help information.

/etc/authentik/config.yml

Main authentik configuration file for database, secret key, email, and logging settings.

Directory containing declarative YAML blueprints for configuration-as-code.

server

Start the authentik web server.

Start a background worker process.

Apply database migrations.

Create an administrative user interactively.

Generate account recovery link.

Export current configuration as blueprint YAML.

Import configuration from blueprint file.

Display version information.

Run diagnostic and repair routines.

Open interactive Python shell with authentik context.

Open database shell.

Requires Python environment with authentik installed. Database must be configured and accessible. Most administrative tasks are performed through the web interface; CLI is primarily for server operations and emergency recovery.

authentik was created by Jens Langhammer and first released in 2020 as a modern alternative to older identity providers. Built with Django and designed for containerized deployments, it provides comprehensive identity management features. The project gained popularity as a self-hosted alternative to commercial identity providers, offering features like application proxying, multi-factor authentication, and extensive protocol support.

authelia(1), keycloak(1), vault(1)