goauthentik/authentik — reverse-engineered prompt

Build me a self hosted login and identity server for teams and home labs, similar to authentik. I want one central place where I can add users, manage who can access which apps, and let people sign in once instead of having separate passwords everywhere.

It should support modern single sign on with OAuth2 and OIDC, and have room for SAML, LDAP, and RADIUS style integrations too. Include a clean web admin area where I can configure apps, users, groups, login flows, and security settings. Also include a simple user portal where people can see the apps they’re allowed to open. Please make it feel polished with light and dark mode.

Set it up so I can run it locally with Docker Compose for testing, and leave the project organized enough that it could later be deployed to Kubernetes. Add sensible defaults, clear setup instructions, and basic security notes. Look up current docs online if you need to.