Services

Senior-IT-engineer-led Authentik & Pangolin deployments for SMBs and serious homelabs — production-grade SSO without Okta pricing.

Fixed-scope engagements. Fixed prices. Delivered by a senior IT engineer who runs the same stack in production every day.

Logan Airport SIDA-cleared Operated inside one of the most security-regulated environments in the U.S.
900+ device MASSPORT rollout Led a real, audited, end-user deployment at scale.
Production self-hosted IAM stack Authentik, Zitadel, Pocket ID, Pangolin, NetBird, Vaultwarden, and Mailcow running 24/7 on my own infrastructure.

Boston-based. US business-hours support.

Pricing

Authentik Starter

$1,995

Fixed price, one-time

A production Authentik install you can hand to your team on day one.

  • Single-node Authentik deployment on your infrastructure (cloud VM or on-prem)
  • Up to 5 applications integrated (OIDC, SAML, or proxy/forward-auth)
  • Enforced multi-factor authentication with recovery flow
  • Backups and admin runbook
  • 30 days of post-deploy support for config questions and break/fix
Book a $250 design call

Authentik + Pangolin Bundle

$3,495

Fixed price, one-time

Single sign-on and secure remote access for your internal services, deployed together.

  • Everything in Authentik Starter
  • Pangolin reverse proxy fronting up to 10 internal services
  • Internal certificate workflow (issuance, renewal, trust distribution)
  • Forward-auth wired to Authentik so every service inherits SSO and MFA
  • Operator runbook for adds, removals, cert rotation, and recovery
  • 30 days of post-deploy support
Book a $250 design call

90-Day Managed Support

$350 / month

Add-on to either deployment package

Keep the stack healthy after deployment without hiring a full-time admin.

  • Monthly health check across Authentik, Pangolin, and dependencies
  • Patch and version lifecycle management
  • MFA and access policy changes on request
  • Up to 2 support tickets per month, US business hours
  • Quarterly review and recommendations
Ask about managed support

Discovery Design Call

$250

Credited toward any package booked within 30 days

A focused 60-minute call to scope your environment, identify the right package, and produce a concrete deployment plan.

  • Review of your current identity, app, and access setup
  • Right-sized package recommendation
  • Written deployment plan delivered within 48 hours
Book a $250 design call

Managed Support is month-to-month and can be cancelled anytime after the initial 90 days.

Who this is for

  • SMBs with 5–50 employees priced out of Okta or JumpCloud, but who still need real SSO, MFA, and access control.
  • Prosumer and homelab operators who want their self-hosted stack deployed and documented to production standards instead of duct-taped together.
  • Small MSPs who need a senior partner to stand up Authentik for a client and hand back a clean runbook.

If you’re a Fortune 500 buying seats by the thousand, I’m not your vendor — and that’s the point.

Get started

Book a $250 design call Free 15-minute intro