← back home

Self-Hosted Identity: Balancing Sovereignty, Cost, and Cross-Platform Needs

December 26, 2025
Identity Management Self-Hosting Entra Id Data Sovereignty Cross-Platform Identity Active Directory Cloud Services Open Source Licensing Infrastructure Control
View original discussion on Hacker News

Navigating identity management across diverse operating systems like Windows and Linux presents a significant challenge for many organizations. While traditional solutions have often led to fragmented approaches, the landscape is evolving, prompting a closer look at existing tools and the demand for new alternatives.

The Microsoft Entra ID Advantage

For many, Microsoft's Entra ID (formerly Azure Active Directory) has emerged as a robust solution for cross-platform identity. It allows for seamless joining of Windows, Mac, and Linux machines, centralizing user and device management. A significant argument in its favor is the value offered by its licensing tiers. For instance, an F3 license, priced at around $8 per user per month, provides a comprehensive package that includes:

  • Web-based Microsoft Office suite access.
  • Intune/Endpoint Management for up to 5 active devices.
  • A licensed Windows 11 Enterprise entitlement, beneficial for machines without an existing Windows license.
  • Advanced control over Device Policy and Conditional Access Policy.

While macOS and Linux endpoint management through Entra ID may not be as feature-rich as its Windows counterpart, the core functionalities are present. For Mac integration, pairing with Apple Business Manager is a necessary, albeit manageable, step. The extensive and often helpful Microsoft documentation further eases the deployment and management process. For many organizations, the cost-benefit analysis of Entra ID makes it a "good enough" or even preferred solution due to its comprehensive feature set and ease of integration.

The Self-Hosting Imperative: Sovereignty and Control

Despite the conveniences of cloud-based identity solutions like Entra ID, a crucial niche exists for self-hosted alternatives centered around data sovereignty and control. A significant concern for some organizations, particularly those operating under strict regulatory frameworks, is the data residency and jurisdiction of cloud services, notably those subject to US laws. This drives a demand for platforms where data and services remain entirely within the organization's control.

Traditional self-hosted options have their limitations:

  • Samba AD: While functional for Windows domains, it is often described as "painful" to manage and lacks support for modern authentication protocols.
  • UCS/Zentyal: These solutions often wrap Samba, leading to a heavyweight deployment footprint.
  • Keycloak/Authentik: Excellent for modern authentication protocols like OIDC, but they typically do not offer native Windows domain join capabilities, creating a gap for environments that require both.

The underlying desire for self-hosting often stems from a philosophical stance: the importance of owning the "kernel of your infrastructure." This approach suggests building a foundational, self-controlled infrastructure and then strategically leveraging cloud services for scalability and specific growth needs.

Balancing Innovation with Market Needs

For developers venturing into creating new identity platforms, a critical consideration is balancing technical innovation with market demand. Building an open-source, Rust-based, AD-compatible, OIDC-native identity platform is technically exciting. However, understanding whether the "sovereignty/self-hosting" problem is a widespread industry need or a more specialized edge case is paramount. The decision to invest in such a platform hinges on validating the commercial viability and the breadth of organizations for whom data residency and control supersede the convenience and feature set of established cloud providers. Ultimately, design choices must align with what potential users are willing to pay for or invest in, recognizing that the "big world" often dictates a pragmatic balance between ideal solutions and practical realities.

Get the most insightful discussions and trending stories delivered to your inbox, every Wednesday.