An analogy that may help your understanding: Authelia is like a doorman in front of your apps. If you’re on the guest list, he will let you in.
A common way to use these kind of system is to do forward authentication with a reverse proxy.
The reverse proxy first redirects the request to the authentication provider. If it gets the green light, it will then let the request go through to the app.
Some benefit of this approach:
- Only one login to access multiple services (SSO)
- Possibility to protect apps that have no authentication built-in
- Outsourcing the security to a dedicated app
If you’re worried about the security of your data but don’t feel like the setup of an identity provider (Authelia) is something you can do. An alternative would be to only allow traffic to SB through a VPN tunnel. There is a guide on setting up Tailscale for this use case.