authentik is an open source Identity Provider that unifies identity needs into a single platform, replacing legacy providers like Okta and Active Directory. It offers customizable authentication flows, stages, and policies to safeguard against security hiccups and create flexible workflows. Flows are ordered sequences of stages, which can be used to define user authentication steps, while policies act as yes/no gates that conditionally apply specific stages or grant/deny access. authentik provides ready-to-go default flows, allows users to export/import flows in YAML format, and offers community-created examples for customization. Policies use information from the current flow's execution context to determine whether a stage or flow should terminate, proceed, or alter the sequence of events. The flexibility of authentik's flows can be illustrated with various examples, including enforcing two-factor authentication, providing a recovery process, and implementing reputation policies. Users can configure which flow is presented to their users through brand settings or provider/source configurations.