Pocket ID on Ubuntu 24.04 LTS

Azure Application Infrastructure

Pocket ID, a simple self hosted OIDC provider that signs your users in with passkeys instead of passwords.

Base
Hardened build
minimal ports, security patches applied at build time
Access
Unique credentials
generated on first boot, readable only by root
Verified
Boots working
services pass a health gate before release
Support
24/7, 365 days
by email and live chat, 24 hour response SLA

Overview

Pocket ID is a self hosted OpenID Connect provider built around a single idea: people should sign in with passkeys, not passwords. You point your existing applications at it as their identity provider, and users authenticate to all of them with the fingerprint reader, face unlock or hardware security key they already carry. Nothing is left to choose, rotate, leak or phish.

It runs as one self contained service that embeds its own web interface and stores everything in an embedded database, so the entire identity plane is a single process. That makes it a practical alternative to a full identity suite for teams who want passwordless single sign on across a handful of self hosted applications without operating heavy infrastructure to get it.

Why the cloudimg image

cloudimg delivers Pocket ID fully installed behind an nginx reverse proxy, listening on loopback so it is never exposed directly, with an unauthenticated health endpoint for load balancer probes. Because this image is the identity plane itself, it is secure by default in a way that matters: no user, no passkey, no signing key and no secret ship in it. Pocket ID's initial administrator route is open to whoever reaches it first while no user exists, so on the first boot of every instance a sole administrator is created for that instance alone, which closes that route before the machine is ever reachable and removes the window in which someone else could claim your identity provider. That administrator has no password and no passkey: entry is a one time sign in link written to a file only the root user can read, so your SSH key is the root of trust. The encryption key is generated per instance too. The base OS is fully patched, the release is pinned, and every image is paired with a step by step deploy guide and 24/7 support.

Common uses

  • Passwordless single sign on with passkeys
  • An OIDC provider for self hosted applications
  • Phishing resistant authentication you own

See it running

Real screenshots taken while testing this image against its deployment guide.

Pocket ID on Ubuntu 24.04 LTS screenshot 1 Pocket ID on Ubuntu 24.04 LTS screenshot 2 Pocket ID on Ubuntu 24.04 LTS screenshot 3 Pocket ID on Ubuntu 24.04 LTS screenshot 4