A significant security upgrade is in the works for bacher-ai.com: Single Sign-On (SSO) with Multi-Factor Authentication is being rolled out across the platform’s services — Open WebUI, LiteLLM, n8n, and the platform’s admin services.
The new authentication layer is built on Authentik, a privacy-respecting, open-source identity provider. Once fully rolled out, users will log in once and have seamless access to all connected services — no more separate passwords per tool.
What this means for security
MFA is enforced at the identity layer and supports multiple second-factor methods: TOTP via any standards-compliant authenticator app, hardware security keys including YubiKeys, and passkeys for passwordless authentication. Access control is now centrally managed — permissions granted or revoked apply across all services instantly, with no inconsistent states or back doors.
What this means for usability
Beyond the security improvements, the new setup is meaningfully more convenient. Passkeys allow signing in with biometrics (Face ID, fingerprint) or a device PIN — no password to type or remember. YubiKeys work as both a second factor and a primary passwordless credential, making authentication fast and phishing-resistant. Whichever method you choose, one login gets you into all connected services without re-entering credentials.
Availability
SSO will be rolled out to all users soon. If you’d like access right now, just reach out and I’ll get you set up ahead of the general rollout.
Photo: panumas nikhomkhai via Pexels