# Single Sign On with Authelia

I built a SSO system to protect some of my more sensitive sites and facilitate a consistent login experience. Now that I did the hard work of getting it working, it's fairly easy for me to do stuff like secure a knowledgebase site with a SSO login. The platform is called [Authelia](https://github.com/authelia/authelia "Authelia") and I have it running in a docker container like everything else these days.

<details id="bkmrk-authelia-login-page"><summary>Authelia Login Page</summary>

[![image.png](https://kb.matt-cloud.com/uploads/images/gallery/2024-05/scaled-1680-/rVuimage.png)](https://kb.matt-cloud.com/uploads/images/gallery/2024-05/rVuimage.png)

</details>There isn't much visible to you as the user aside from the initial Authelia login page and two-factor prompt. Authelia sets cookies in your browser and is able to pass credentials between different Matt-Cloud services just like Google can go from Mail to Drive and whatnot without you needing to re-login each time. Authelia's user back-end is my Microsoft Active Directory domain, and I am then able to use the groups in AD to manage site permissions in Authelia. For you to manage your two-factor options in Authelia, you need a valid email address in Matt-Cloud. You can see your current email address on the [SSPR](https://sspr.matt-cloud.com/ "Self Service Password Reset") under your My Account page at the top. If it's missing or wrong let me know and I'll fix it up; I still haven't figured out how to let you manage your own email addresses.

<details id="bkmrk-sspr-account-info"><summary>SSPR Account Info</summary>

[![image.png](https://kb.matt-cloud.com/uploads/images/gallery/2024-05/scaled-1680-/P4Vimage.png)](https://kb.matt-cloud.com/uploads/images/gallery/2024-05/P4Vimage.png)

</details>You can also perform email and password updates using the [account settings](https://account.matt-cloud.com "SSO Account Settings") page. This is linked to the Matt-Cloud SSO, and once you are logged in you may update your email and password easier. I still require the current password when changing the password because that seems prudent. The interface is identical to the regular SSPR site, it just doesn't require an additional login.