Pricing Docs Blog Apps Tools Support Start Free
Security

Deploy Tinyauth in 30 Seconds

The lightweight, self-hosted SSO and forward-auth portal. A login page, OAuth/OIDC, and per-app access rules in a single binary - an open-source Authelia, Authentik, and Cloudflare Access alternative that protects your other self-hosted apps.

Deploy Tinyauth $3/mo - $10 credit on signup

What is Tinyauth?

Tinyauth is a self-hosted authentication and SSO portal - a lightweight, single-binary alternative to Authelia, Authentik, and Cloudflare Access. It gives you a clean login page, OAuth/OIDC support, and per-app access rules, and it can sit in front of your other self-hosted apps to protect them with forward-auth. Put one login between your apps and the internet, without standing up a heavyweight identity stack.

Because Tinyauth runs on your own server as a single Go binary, your login portal and sessions never leave your infrastructure - no third-party identity service in the middle. It boots instantly and runs on the smallest plan. On InstaPods it ships pre-configured behind HTTPS with a per-pod admin account, so it is ready to protect your apps the moment it boots.

Why Tinyauth?

Clean Login Portal

A simple, fast login page for your stack. Sign in once and let Tinyauth guard the apps behind it - no more juggling separate logins per service.

OAuth / OIDC Provider

Acts as an OIDC provider plus OAuth, so apps that speak OpenID Connect can use Tinyauth as their identity provider for single sign-on.

Forward-Auth Proxy

Drop Tinyauth in front of any app via forward-auth - point your Traefik, Nginx, or Caddy reverse proxy at the /api/auth/* endpoint and every request is checked first.

Per-App Access Rules

Decide which users can reach which apps with per-app access rules (TINYAUTH_APPS_*), so one user can be allowed into one app and blocked from another.

Self-Hosted & Private

Your login portal runs on your own pod and sessions live on the pod disk - no third-party identity service can read or lock your authentication data.

Lightweight Single Binary

One small Go binary, no database, no heavy runtime. It boots instantly and runs comfortably on the smallest plan we offer.

How It Works

1

Click Deploy

Select Tinyauth from the app marketplace, pick the Launch plan, and click deploy. That is it.

2

We Provision Your Pod

InstaPods spins up a real Linux server and brings Tinyauth up pre-configured behind HTTPS, with a per-pod admin account whose credentials are emailed to you.

3

Sign In and Protect Your Apps

Log in, then point another app's reverse proxy (Traefik, Nginx, or Caddy) at this pod's /api/auth/* endpoint, or use Tinyauth as an OIDC provider to secure your stack.

Simple Pricing

Tinyauth is a single lightweight Go binary with no database, so the Launch plan is plenty. New accounts get a $10 signup credit - about 3 months free on Launch. No per-user fees - ever.

Launch Plan
$3/mo
  • 1 shared vCPU
  • 512 MB RAM
  • 10 GB storage
  • HTTPS included
  • Custom domain support
  • SSH access
Deploy Tinyauth

Frequently Asked Questions

What is Tinyauth?

Tinyauth is a self-hosted authentication and SSO portal built as a single, lightweight Go binary. It gives you a login page, OAuth/OIDC, and per-app access rules, and it can protect your other self-hosted apps via forward-auth - a self-hosted alternative to Authelia, Authentik, and Cloudflare Access.

How does Tinyauth protect my other apps?

Two ways. You can use forward-auth by pointing the reverse proxy in front of another app (Traefik, Nginx, or Caddy) at this pod's /api/auth/* endpoint, so every request is checked against Tinyauth before it reaches the app. Or you can use Tinyauth as an OIDC provider for apps that support OpenID Connect. The auth cookie is shared across your parent domain, so put a custom domain on this pod and the protected apps under the same domain and they share the session.

Which plan does Tinyauth need?

Tinyauth is a single, lightweight Go binary that boots instantly, so the Launch plan (1 shared vCPU, 512 MB RAM, 10 GB storage) at $3/mo is plenty. There is no database to run and no heavy runtime, so you do not need to scale up.

Do I need to install or configure anything?

No. On InstaPods, Tinyauth deploys pre-configured behind HTTPS with a per-pod admin account created on first boot - the credentials are emailed to you. Just sign in and start protecting your apps. No server setup, no certificates to manage.

Does Tinyauth support OAuth and OIDC?

Yes. Tinyauth acts as an OIDC provider for apps that speak OpenID Connect, and it also supports OAuth. That lets you sign in once and use Tinyauth as the identity provider across your self-hosted apps.

Is my data private?

Yes. Tinyauth is fully self-hosted on your own pod. Your login portal and sessions live on the pod's persistent disk, never on a third-party identity service, so no outside provider can read or lock your authentication data.

Explore More Apps

Tinyauth is one of many open-source apps you can deploy in seconds on InstaPods. Browse the full catalog.

Explore All Apps