Our biennial Public Benefit Company (PBC) report
authentik is an open source Identity Provider that unifies your identity needs into a single platform, replacing Okta and Auth0, Ping, and Entra ID. Authentik Security is a public benefit company building on top of the open source project.
As a Public Benefit Company, authentik is dedicated to open source software development and to our community, and to continuously developing, providing, and maintaining secure, stable authentication solutions.
We are pleased to share our first Public Benefit Company (PBC) report with you, our community, our users, our contributors, and everyone who invests their time and effort into open source software for the good of us all.
Read on for details about our chartered commitments, the work we do to support these commitments, and how the results of the report show that we are on the right path.
Public Benefit Companies are a relatively new form of business entity, and are not limited to software companies. Two of the best known PBCs are the clothing brand Patagonia and the ice cream maker Ben & Jerry's. For any PBC the core focus is, of course, providing a benefit to others beyond themselves, as well as operating with transparency, accountability, and purpose.
PBCs (no matter their field or product) must act in the best interests of the community and consciously understand how their actions will affect others. For authentik specifically, we consider our work in the light of benefiting:
- users and community members who implement and rely on our products
- individuals or companies who contributed to or invested in authentik
- the security and stability of broader systems and environments
- the team members of the company
The benefits to us of being a PBC include attracting like-minded developers with the skills to continuously propel the project forward in the community as well as promoting trust from the community in our ongoing responsibility to the open source project.
In the annual or biennial report, PBCs typically provide a description and explanation of how the benefit company provided a general and/or specific public benefit, as well as which actions and methods they used to deliver and maintain the benefit.
Authentik Security’s stated public benefit purpose is to maintain an open-source platform for the benefit of the public.
Our commitments
Under the Open Core Ventures charter we are beholden to grow and maintain authentik in an intentional and purposeful manner.
Let’s take a look at how authentik is fulfilling the PBC requirements, with a solid focus on upholding the charter’s commitments to our users. Some of our most important commitments include prioritizing the development of new open source features, to openly and rapidly address any security concerns, and to be transparent in our coding, testing, and security work.
Prioritizing open source means that the company is committed to open source and won't suddenly make currently open source functionality into an Enterprise feature. Indeed, our charter includes these specific commitments:
"Not to prioritize profits over public interests of the open source project."
“For example, if a new feature is released as open source, it cannot be removed from open source licensing for any purpose (including monetization of the feature to cover maintenance costs).”
Transparency is a major component of our charter. We wrote about "Security through transparency" recently, and how if somebody finds a vulnerability in authentik or discovers a breach, the fix is available in the resulting PR and technical reviews are there for all to see. Our charter states:
"For example, if there is a security fix that affects both open core and open source code, the company cannot delay the security fix to the open source code base in order to provide a premium security service to paid users.""
In our charter we also address the transparency of our testing frameworks, and the importance of this for producing stable and easily-maintained code:
"To keep development work open for community review. For example, the open source code base includes a publicly available readme detailing testing frameworks used for each open source feature.""
Furthermore, authentik is intentional about our licensing, and enforcing the continued availability of our open source features. To this point, our charter states:
"Any software that is released by the Company under an open source license, will remain available under the original license provided by the Company."
Last but definitely not least, our team here at Authentik Security are all, each of us, professionally driven to upholding these commitments spelled out in our charter. We are a small team, with long experience in the open source community, and we are absolutely dedicated to the success of our authentik community!
Results and successes
We are proud to share the metrics and data from the report; they demonstrate the popularity of our open source project, the robustness of the contributions, and our commitment to our growing community.
Here are some representative metrics gathered from our first two years of operations as a company:
- Total installations of authentik: Over 287,000 unique installations.
- Although we intentionally have limited telemetry, these numbers come from optional anonymous analytics that run at first startup of each authentik installation.
- The vast majority of these installations are from the free, open-source version of authentik.
- Total commits to authentik:
- 5,675 total commits, with 5,615 commits to non-enterprise code
- 99% of code commits over the past two years have been to the non-enterprise, open-source version of authentik.
- Total contributors to authentik:
- 200 total human contributors to authentik
These successes warrant a huge Thank You to our community and contributors. From our founding in 2022 to this report has been an exciting journey, one which we could not make without our authentik community.
We are genuinely proud to share this first PBC report, and as always, if you have any questions or comments, reach out to us on GitHub, Discord, or with an email to [email protected].