Security & Compliance
Identity & Access Management
Authentication, authorization, SSO, identity, and access management tools.
Best Identity & Access Management tools by public signals
These picks are computed from scored public evidence. Use the openness column in the ranking to separate OSI-approved, source-available, open-core, proprietary, and unverified-license tools.
Use Case Rankings
Ordered by ToolVitals score, health, shipping, confidence, and then adoption as a tie-breaker.
| # | Tool | Health | Shipping | Openness | Stars | Score | Status |
|---|---|---|---|---|---|---|---|
| 01 | Authentik The authentication glue you need. | 98 | 100 | OSI-approved OSS | 22k | 99 | Active |
| 02 | Thunder Identity and access management product by WSO2. | 95 | 100 | OSI-approved OSS | 238 | 97 | Active |
| 03 | Keycloak Open Source Identity and Access Management For Modern Applications and Services | 91 | 100 | OSI-approved OSS | 34.9k | 96 | Active |
| 04 | Casdoor An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD | 91 | 100 | OSI-approved OSS | 13.8k | 96 | Active |
| 05 | Stack Auth Open-source Auth0/Clerk alternative | 91 | 98 | License unknown | 6.8k | 96 | Active |
| 06 | Jans Open source digital identity infrastructure with OAuth/OpenID and SSO components. | 91 | 100 | OSI-approved OSS | 632 | 95 | Active |
| 07 | Logto 🧑‍🚀 Authentication and authorization infrastructure for SaaS and AI apps, built on OIDC and OAuth 2.1 with multi-tenancy, SSO, and RBAC. | 94 | 89 | OSI-approved OSS | 12.2k | 94 | Active |
| 08 | Frontier Frontier is an all-in-one user management platform that provides identity, access and billing management to help organizations secure their systems and data. (Open source alternative to Clerk, WorkOS) | 89 | 98 | OSI-approved OSS | 333 | 93 | Active |
| 09 | Pomerium Pomerium is an identity and context-aware access proxy. | 88 | 93 | OSI-approved OSS | 4.8k | 92 | Active |
| 10 | Steward Agent wallet infrastructure with encrypted keys, policy enforcement, and credential proxying. | 83 | 95 | OSI-approved OSS | 81 | 91 | Active |
| 11 | Zitadel ZITADEL - Identity infrastructure, simplified for you. | 98 | 72 | OSI-approved OSS | 14k | 90 | Active |
| 12 | Kanidm Kanidm: A simple, secure, and fast identity management platform | 88 | 84 | OSI-approved OSS | 5k | 90 | Active |
| 13 | VoidAuth Single sign-on for self-hosted applications. | 87 | 95 | OSI-approved OSS | 2.2k | 90 | Active |
| 14 | Cerbos Granular access control and policy engine. | 86 | 87 | OSI-approved OSS | 4.5k | 90 | Active |
| 15 | Pocket ID A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services. | 91 | 84 | OSI-approved OSS | 8.1k | 89 | Active |
| 16 | Authelia The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™ | 87 | 87 | OSI-approved OSS | 28k | 89 | Active |
| 17 | Authgear Open source Auth0/Clerk/Firebase alternative. Passkeys, SSO, MFA, passwordless, biometric login. Self-hosted or cloud. Enterprise-ready for SaaS & mobile apps | 86 | 84 | OSI-approved OSS | 1.8k | 89 | Active |
| 18 | Weft ID Open-source federation layer that aggregates multiple identity providers into one interface. | 79 | 95 | OSI-approved OSS | 11 | 89 | Active |
| 19 | Passbolt Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams! | 88 | 77 | OSI-approved OSS | 6k | 88 | Active |
| 20 | FerrisKey Open-source IAM solution designed for cloud-native environments. | 81 | 89 | OSI-approved OSS | 634 | 88 | Active |
| 21 | PearPass PearPass is an open-source, privacy-first password manager with peer-to-peer syncing and end-to-end encryption. | 83 | 87 | OSI-approved OSS | 474 | 87 | Active |
| 22 | AthenZ Open source platform for service authentication and fine-grained access control. | 81 | 84 | OSI-approved OSS | 992 | 87 | Active |
| 23 | Seamless Auth Passwordless authentication API. | 77 | 82 | OSI-approved OSS | 2 | 84 | Active |
| 24 | Authorizer Open-source authentication and authorization platform. | 78 | 71 | OSI-approved OSS | 2k | 81 | Active |
| 25 | Ory Kratos Headless cloud-native authentication and identity management written in Go. Scales to a billion+ users. Replace Homegrown, Auth0, Okta, Firebase with better UX and DX. Passkeys, Social Sign In, OIDC, Magic Link, Multi-Factor Auth, SMS, SAML, TOTP, and more. Runs everywhere, runs best on Ory Network. | 80 | 65 | OSI-approved OSS | 13.7k | 80 | Active |
| 26 | Kotauth Identity infrastructure for modern applications. | 79 | 64 | OSI-approved OSS | 51 | 80 | Active |
| 27 | 1Password Password manager for teams and families | 82 | 62 | Proprietary target | — | 78 | Active |
| 28 | OPAL Authorization administration framework based on open policy. | 81 | 53 | OSI-approved OSS | 5.5k | 75 | Warning |
| 29 | authenticator-tauri A modern, cross-platform, open-source two-factor authentication app built with Tauri v2 and React. | 72 | 61 | OSI-approved OSS | 1 | 74 | Warning |
| 30 | Hanko Modern authentication, on your terms. Open source alternative to Auth0, Clerk, WorkOS, Stytch. | 80 | 43 | OSI-approved OSS | 8.9k | 73 | Warning |
| 31 | PowerAuth Open-source authentication and secure data transport for mobile banking. | 71 | 53 | OSI-approved OSS | 61 | 73 | Warning |
| 32 | Open Authenticator Open-source TOTP authenticator for securing online accounts. | 67 | 55 | OSI-approved OSS | 86 | 69 | Warning |
| 33 | FusionAuth User authentication and session management framework | 66 | 28 | License unknown | 241 | 61 | Warning |
| 34 | Kavachos Auth platform for AI agents and humans with OAuth 2.1, delegation, and audit features. | 51 | 35 | License unknown | 0 | 59 | Warning |
| 35 | Authula An open-source authentication solution that scales with you. Embed it as a library in your Go app, or run it as a standalone auth server with any tech stack. | 46 | 51 | OSI-approved OSS | 215 | 58 | Warning |
| 36 | MaxKey Open-source SSO and identity access management platform. | 64 | 25 | OSI-approved OSS | 1.9k | 57 | Warning |
| 37 | RootID Open-source identity correlation engine for validating professional profiles. | 51 | 31 | License unknown | 0 | 53 | Warning |
| 38 | HVT Open-source authentication infrastructure for developers and teams. | 46 | 27 | OSI-approved OSS | 3 | 52 | Critical |
| 39 | OpenIG Open source identity gateway that secures, routes, and manages web traffic. | 45 | 33 | License unknown | 88 | 51 | Critical |
| 40 | ghost-auth Ghost Auth is an open-source, cross-platform TOTP authenticator | 40 | 20 | OSI-approved OSS | 2 | 45 | Critical |
| 41 | Buwana Open-source account registration and authentication platform. | 38 | 17 | OSI-approved OSS | 3 | 43 | Critical |
| 42 | EAuth Open-source identity platform for enterprise apps with OIDC and extensible auth flows. | 38 | 7 | OSI-approved OSS | 2 | 40 | Critical |
| 43 | Oso Authorization building framework. | 39 | 0 | OSI-approved OSS | 3.5k | 39 | Critical |
| 44 | nexeres A secure, scalable, and fully open-source authentication platform — no paywalls. | 38 | 7 | OSI-approved OSS | 1 | 39 | Critical |
| 45 | WAIS Core Open-source authentication infrastructure for AI agents. | 38 | 7 | OSI-approved OSS | 1 | 39 | Critical |
| 46 | Tesseral Open-source auth infrastructure for B2B SaaS. | 36 | 0 | OSI-approved OSS | 1.1k | 35 | Critical |
| 47 | SSOReady Open-source dev tools for enterprise SSO. Ship SAML + SCIM support this afternoon. | 31 | 0 | OSI-approved OSS | 1.5k | 32 | Critical |
| 48 | Warrant Authorization and access control as a service. | 27 | 0 | OSI-approved OSS | 1.3k | 31 | Critical |
| 49 | Padloc A modern, open source password manager for individuals and teams. | 27 | 0 | OSI-approved OSS | 2.9k | 30 | Critical |
| 50 | authman-app FREE, secure and open source cross-platform 2FA TOTP app | 26 | 0 | OSI-approved OSS | 61 | 28 | Critical |
| 51 | JAP Open-source authentication middleware for integrating identity providers and login flows. | 6 | 0 | OSI-approved OSS | 168 | 21 | Critical |
Evidence Watch
Tracked tools with useful public signals but no verdict score yet.