Endpoint Devices - Authentik

import DocCardList from "@theme/DocCardList";

:::danger Early preview The endpoint devices feature set is currently in early preview and in development. It is not recommended for production use.

The features, methods, and even the name are yet to be confirmed.

Breaking changes and bugs should be expected. :::

:::info Enterprise License Required An enterprise license is required to access some of these features, refer to the current features overview table below for more details.

During this early preview stage, short trial licenses are available for testers. Please contact us via [email protected] for more details. :::

What are endpoint devices?

Endpoint devices are end-user devices or servers that are registered with authentik.

There are two purposes for registration: Device authentication and Device compliance.

Devices can be registered by installing the authentik Agent which supports:

Device compliance by reporting information about endpoint devices to authentik.
Local device login with authentik credentials.
Connecting via SSH to endpoint devices with authentik credentials.
Authenticating to CLI applications such as kubectl and AWS with authentik credentials.

Alternatively, Connectors allow authentik to be integrated with third party services such as Fleet. This allows for device information to be reported to authentik for Device compliance purposes.

Why use endpoint devices?

Endpoint devices offers administrators an alternative to traditional device authentication systems like LDAP for Linux or Active Directory for Windows, while supporting modern MFA methods like FIDO2. This feature set allows authentik to act as a unified authentication platform for devices, servers, and applications.

Meanwhile, Device Compliance allows administrators to make informed decisions about access to applications by verifying device security requirements, like operating system and application versions, before granting access to applications.

Features overview

Feature	Linux	Windows	macOS	Status
Local device login	:ak-enterprise	:ak-enterprise	:ak-enterprise	Available for early preview on Windows and Linux.
SSH authentication	Open source	Open source	Open source	Available for early preview. Only supports Linux SSH targets.
Device compliance	Open source	Open source	Open source	Available for early preview.
Advanced device compliance	:ak-enterprise	:ak-enterprise	:ak-enterprise	In development.
authentik Agent	Open source	Open source	Open source	Available for early preview.
Fleet Connector	:ak-enterprise	:ak-enterprise	:ak-enterprise	Available for early preview.
Other Connectors (Entra, Intune, Cloudflare WARP etc)	:ak-enterprise	:ak-enterprise	:ak-enterprise	In development.

How to provide feedback and report bugs

Report issues via our GitHub. Please include as much information as possible to assist us in troubleshooting.

More information

For more information, refer to each of the topics below: