Monday, May 18, 2026

Auth & IAM

Authentication (AuthN) verifies who you are, while Authorization (AuthZ, often mis-abbreviated "AuthX") determines what you are allowed to do.

Both are core pillars of Identity and Access Management (IAM), the overarching security framework used to manage digital identities and the permissions attached to them. [1, 2, 3]

Authentication (AuthN)
  • What it is: The process of proving your identity to the system.
  • How it works: You present one or more credentials, such as a password, a fingerprint, or a multi-factor authentication (MFA) code, and the system checks them against what it has on record for the identity you claim.
  • Real-world analogy: A bouncer checking your ID at a nightclub door.
  • IAM context: IAM systems verify these credentials against a centralized directory (an LDAP or database-backed user store) and, on success, issue a session token or signed assertion that later requests carry in place of the credentials. [1, 2, 3, 4, 5, 6]
Authorization (AuthZ)
  • What it is: The process of granting or denying an authenticated identity access to specific resources.
  • How it works: Once your identity is authenticated, the system checks your permissions to decide whether you may access a specific file, server, or action (e.g., read vs. edit). The decision is made per request and should deny by default: no matching permission means no access.
  • Real-world analogy: The bouncer looking at your wristband to see whether you are allowed on the general dance floor or in the VIP section.
  • IAM context: IAM enforces this through role-based access control (RBAC), where permissions attach to roles assigned to the identity, or attribute-based access control (ABAC), where a policy evaluates attributes of the user, the resource, and the request context. [1, 2, 3, 4, 5]
Key Differences at a Glance [1, 2, 3, 4, 5]

  Feature             Authentication (AuthN)                     Authorization (AuthZ)
  The core question   Who are you?                               What are you allowed to do?
  Chronology          Happens first.                             Happens after authentication.
  Evidence            Passwords, PINs, fingerprints, MFA codes   Permissions: roles (RBAC) or attributes (ABAC)
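The authentication-then-authorization sequence described above, worked through in Python as an added example that is not part of the original post and not any IAM product's API. Usernames, passwords, MFA seeds, roles, departments and documents are constructed sample data; the helper names (hash_password, totp, authenticate, resolve_session, authorize) are this example's own. It goes one step beyond the text by layering an ABAC rule on top of the RBAC check and by showing that an expired or unknown session never reaches the policy at all.

```python
# Added example (not from the original post): minimal AuthN -> session token -> AuthZ flow.
# All users, secrets, roles and documents below are constructed sample data.
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
import struct
import time

# ---- Identity directory (constructed; a real IAM backs this with LDAP or a database) ----
def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256: store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password: str, roles: set[str], dept: str, mfa_secret: bytes) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "roles": roles, "dept": dept, "mfa_secret": mfa_secret}

DIRECTORY = {
    "alice": make_user("correct-horse-battery", {"editor"}, "finance", b"alice-mfa-seed-0001"),
    "bob":   make_user("hunter2", {"viewer"}, "engineering", b"bob-mfa-seed-000002"),
}

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    # RFC 6238 TOTP on top of RFC 4226 HOTP (HMAC-SHA1 + dynamic truncation).
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# ---- AuthN: prove identity, then mint an opaque session token ----
SESSIONS: dict[str, dict] = {}          # token -> {"user": ..., "expires": ...}
SESSION_TTL = 15 * 60                   # seconds

def authenticate(username: str, password: str, mfa_code: str, now: float | None = None) -> str | None:
    """Return a session token on success, None on any failure.
    Failures are not distinguished to the caller, so a wrong password and an
    unknown username look alike (no user enumeration)."""
    now = time.time() if now is None else now
    user = DIRECTORY.get(username)
    if user is None:
        hash_password(password, b"\x00" * 16)   # burn the same work so timing does not leak
        return None
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return None
    if not hmac.compare_digest(totp(user["mfa_secret"], now), mfa_code):
        return None
    token = secrets.token_urlsafe(32)            # unguessable and unrelated to the identity
    SESSIONS[token] = {"user": username, "expires": now + SESSION_TTL}
    return token

def resolve_session(token: str, now: float | None = None) -> str | None:
    now = time.time() if now is None else now
    sess = SESSIONS.get(token)
    if sess is None or now >= sess["expires"]:
        SESSIONS.pop(token, None)                # expired sessions are dropped, not reused
        return None
    return sess["user"]

# ---- AuthZ: decide what the already-authenticated principal may do ----
ROLE_PERMISSIONS = {                              # RBAC: role -> allowed actions
    "viewer": {"document:read"},
    "editor": {"document:read", "document:edit"},
}
DOCUMENTS = {                                     # constructed resources with attributes
    "budget-2026": {"dept": "finance", "classification": "internal"},
    "runbook":     {"dept": "engineering", "classification": "internal"},
}

def authorize(token: str, action: str, doc_id: str, now: float | None = None) -> tuple[bool, str]:
    """Deny-by-default decision. Authorization happens only after authentication:
    an invalid or expired token never reaches the policy checks."""
    username = resolve_session(token, now)
    if username is None:
        return False, "not authenticated"
    user = DIRECTORY[username]
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return False, "no such resource"
    # RBAC: union of the permissions granted by every role the user holds.
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in user["roles"]))
    if action not in granted:
        return False, f"role(s) {sorted(user['roles'])} lack {action}"
    # ABAC: editing additionally requires the user's department to own the document.
    if action == "document:edit" and doc["dept"] != user["dept"]:
        return False, f"dept {user['dept']} may not edit {doc['dept']} documents"
    return True, "allowed"

if __name__ == "__main__":
    t = 1_700_000_000.0
    code = totp(DIRECTORY["alice"]["mfa_secret"], t)   # what alice's authenticator would show
    tok = authenticate("alice", "correct-horse-battery", code, t)
    print(authorize(tok, "document:edit", "budget-2026", t))
    print(authorize(tok, "document:edit", "runbook", t))
    print(authorize("bogus-token", "document:read", "runbook", t))
```

Two design points worth noting: the session token is a random value looked up server-side, so nothing about the identity or its roles is derivable from it, and every denial path returns the same shape, so the caller learns only that it was denied. The RBAC check alone would let alice edit the engineering runbook; the ABAC rule is what narrows her edit right to her own department's documents.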
Open-source, self-hostable Identity and Access Management (IAM) solutions range from lightweight tools for home labs to enterprise-grade identity providers. Whether you need simple single sign-on (SSO) or a full OAuth 2.0/OIDC/SAML suite, the options below cover that range. [1, 2, 3, 4, 5]
Developer-Friendly & Modern
  • Authentik: A flexible, container-focused identity provider with a modern user interface and policy-driven authentication flows. (Python, TS, Go, MIT)
  • Logto: A framework-agnostic, developer-first platform that handles authentication, multi-tenancy, and user management with an emphasis on simplicity. [1, 2, 3]
Enterprise-Grade & Full-Featured
  • Keycloak: The most widely deployed open-source provider, covering SAML 2.0, OAuth 2.0, OpenID Connect, and LDAP/Active Directory user federation. Feature-rich and horizontally scalable, but it runs on the JVM and needs a relational database in production, so it carries more infrastructure overhead than the lighter options. (Java, Apache-2.0)
  • ZITADEL: A cloud-native, multi-tenant IAM platform built for developers; offered as managed SaaS but fully self-hostable in your own environment. (Go, TS)
  • Ory: A suite of modular open-source components (Kratos for identities, Hydra for OAuth 2.0/OIDC, Keto for permissions, Oathkeeper as an access proxy) for building zero-trust IAM infrastructure from the ground up. (Go, Apache-2.0)
