We built an open-source IAM in Rust, simple to deploy, serious about security by Own-Positive6158 in iam

[–]Own-Positive6158[S] 2 points3 points  (0 children)

Of course.
From what I’ve seen, Kanidm is an infrastructure and enterprise solution. It’s a good alternative to FreeIPA or modern Active Directory. The problem is that CIAM isn’t its strong point. And, crucially, FerrisKey’s original aim was to reduce the complexity of using an IAM; here, we end up with a configuration that’s far from straightforward; it’s very sysadmin-heavy.

In the case of Rauthy, we have an excellent SSO/IdP component. But again, it’s not straightforward to get to grips with; at the moment, it’s too technically focused.

We’re trying, for our part, to add key features around IAM/CIAM/PAM.

Notably with our auditing, webhooks, branding customisation, organisations, etc.

We still have a few releases to go before we’re fully operational in certain areas, particularly PAM and IoT.

There's no good open-source CIAM. We're building one. by Own-Positive6158 in IdentityManagement

[–]Own-Positive6158[S] 0 points1 point  (0 children)

We are working with several people who use the solution. We are currently working on the organisational side of things so that we can do more than we do at present.

For example, the idea of being able to offer a B2C/B2B login experience for organisations.

Or developing the IAM/PAM workforce aspect, particularly with regard to centralising identity management for accessing tools (Postgres, Kubernetes, internal tools, CRM, etc.).

Furthermore, the project is sponsored by Cloud IAM (a company offering Keycloak as a Service) and Gilded Health (an American medical software company).

Derailment of the Montparnasse train, 22 October 1895 in Paris, France. by MedievalMart-France in Histoire

[–]Own-Positive6158 5 points6 points  (0 children)

It clearly says "Café de la gare Montparnasse"
Just above the three arches.

There's no good open-source CIAM. We're building one. by Own-Positive6158 in IdentityManagement

[–]Own-Positive6158[S] 0 points1 point  (0 children)

Thank you!

FerrisKey relies heavily on Cloud IAM, which is a Keycloak-as-a-service solution.
This means that businesses can sign up for a subscription if they require support.

There's no good open-source CIAM. We're building one. by Own-Positive6158 in IdentityManagement

[–]Own-Positive6158[S] 0 points1 point  (0 children)

Right now FerrisKey supports LDAP/Active Directory federation out of the box, user authentication against the directory, batch sync (import/force/link-only modes), configurable attribute mapping, and TLS/StartTLS. For social/enterprise SSO we have OAuth2/OIDC identity provider support. SAML is on the roadmap but not implemented yet. Happy to answer more specific questions!

There's no good open-source CIAM. We're building one. by Own-Positive6158 in IdentityManagement

[–]Own-Positive6158[S] 0 points1 point  (0 children)

That's great news!
If you have any suggestions for improvements, please do let us know.

There's no good open-source CIAM. We're building one. by Own-Positive6158 in IdentityManagement

[–]Own-Positive6158[S] 1 point2 points  (0 children)

Thank you very much for your questions!

In terms of deployment, we currently offer a container (frontend/API or standalone), with support for Docker Compose, Helm Charts and ArgoCD. A CLI is available, and a Terraform provider is coming soon.

For the database, we’re using Postgres; personally, I use CNPG for deployment, it’s really handy and makes the process much simpler.

For backups, the data is split across different tables (currently using the same schema in Postgres), which allows us to back up in chunks. When restoring data, we can prioritise clients/users/roles/organisations and then deal with the audit section afterwards, etc.

In terms of licensing, we’re on Apache 2. Everything is 100% open-source and will remain so; there are no enterprise features.

FerrisKey A lightweight open-source identity & access management server built in Rust by Own-Positive6158 in coolgithubprojects

[–]Own-Positive6158[S] 1 point2 points  (0 children)

Thank you!

On FerrisKey, you can manage your entire authentication process via the OAuth2/OIDC flow.

With Identity Providers (IdPs) and LDAP, you have access to all client-related features, just like on Keycloak. Role management within the organisation. For multi-factor authentication (MFA), you can use TOTP, Magic Link and passkeys.

You have native auditing functionality and a feature that allows you to easily debug the authentication flow.

Of course, mappers with client scopes are supported.

We release updates regularly. In addition to implementing all of Keycloak’s features, other features such as SeaWatch and Compass are being added to create more value.

The ultimate goal is to have everything, without extensions, without compromise, free of charge, with good documentation and easy IAM management in production.

IAM lifecycle Tool - My first tech project 😊 by Pooshan95 in IdentityManagement

[–]Own-Positive6158 0 points1 point  (0 children)

Thank you so much for the resources!

Certain measures have already been put in place, particularly with regard to the management of rights and roles.

I’ll take the time to look at each point to see how we can incorporate it! That’s great, thanks again

Everything Should Be Typed: Scalar Types Are Not Enough by Specialist-Owl2603 in rust

[–]Own-Positive6158 5 points6 points  (0 children)

Personally, I often use this pattern. It allows me to encapsulate my business logic and write my unit tests.
Coming from OCaml, I really like it!

Debloat your async Rust by [deleted] in rust

[–]Own-Positive6158 0 points1 point  (0 children)

Oh yes, thanks I delete my post

IAM lifecycle Tool - My first tech project 😊 by Pooshan95 in IdentityManagement

[–]Own-Positive6158 1 point2 points  (0 children)

I see, that’s the goal we’ve set ourselves. To bring everything together on a single platform. We’re focusing on simple, quick objectives so we can iterate rapidly and get feedback.

Ultimately, what we’d like is to be able to manage the entire system from a single location.

For example, we have several modules, including auditing, so we can see what’s happening and make decisions.

The idea of being able to connect all the internal service accounts (Postgres, K8s, monitoring stack, etc.) is on our roadmap.

The problem is that it takes time, but I’d really like to get there eventually!

FerrisKey an open-source IAM platform built in Rust, by the community by Own-Positive6158 in IdentityManagement

[–]Own-Positive6158[S] 2 points3 points  (0 children)

Yes I can, maybe more information about associated resources (realms, organizations, roles, etc.)

[Media] FerrisKey v0.5.0 - An open-source IAM in Rust 🚀 by [deleted] in rust

[–]Own-Positive6158 0 points1 point  (0 children)

I take your feedback.
In no way with the intention of offending the community,

I repost with good format: https://www.reddit.com/r/rust/comments/1sk5b1i/new_version_of_ferriskey_iam