Self-hosting Pocket ID the easy way
Yulei ChenPocket ID is a simple, self-hosted OIDC provider that lets users authenticate with passkeys instead of passwords. It's perfect for adding single sign-on to your self-hosted services without the complexity of Keycloak or other enterprise identity platforms.
Sliplane is a managed container platform that makes self-hosting painless. With one-click deployment, you can get Pocket ID up and running in minutes - no server setup, no reverse proxy config, no infrastructure to maintain. Sliplane provides HTTPS out of the box, which is required by Pocket ID for passkey authentication.
Prerequisites
Before deploying, ensure you have a Sliplane account (free trial available).
Quick start
Sliplane provides one-click deployment with presets.
Deploy Pocket ID >- Click the deploy button above
- Select a project
- Select a server (If you just signed up you get a 48-hour free trial server)
- Click Deploy!
About the preset
The one-click deploy above uses Sliplane's Pocket ID preset. The preset is configured for a clean, production-ready setup:
- Official
pocket-id/pocket-idimage from GitHub Container Registry - Version
v1.13for stability - Persistent storage mounted to
/app/datafor the SQLite database and uploads APP_URLautomatically set to your Sliplane domainTRUST_PROXYenabled for correct IP detection behind Sliplane's reverse proxy- Port
1411(Pocket ID's default)
Next steps
Once Pocket ID is running on Sliplane, access it using the domain Sliplane provided (e.g. pocketid-xxxx.sliplane.app).
Initial setup
Pocket ID doesn't use default credentials. On first visit, you'll be redirected to the setup page at /setup where you create your admin account using a passkey. Make sure your browser supports WebAuthn (all modern browsers do).
Adding OIDC clients
After creating your admin account, you can add OIDC clients for your services. Go to the admin panel and create a new client with:
- A display name
- One or more redirect URIs
- An optional logo
Pocket ID will generate a client ID and client secret that you can use to configure SSO in your other applications.
Environment variables
You can customize your Pocket ID instance by adding environment variables in your Sliplane service settings:
| Variable | Description |
|---|---|
MAXMIND_LICENSE_KEY | Enable geolocation for login notifications |
SMTP_HOST | SMTP server for email notifications |
SMTP_PORT | SMTP port (default: 587) |
SMTP_FROM | Sender email address |
SMTP_USER | SMTP username |
SMTP_PASSWORD | SMTP password |
LOG_LEVEL | Log verbosity: debug, info, warn, error |
Logging
By default, Pocket ID logs to STDOUT, which works well with Sliplane's built-in log viewer. If you need more detail, set LOG_LEVEL to debug. For general Docker log tips, check out our post on how to use Docker logs.
Troubleshooting
If passkey registration fails, make sure your browser is accessing Pocket ID over HTTPS. Pocket ID uses the WebAuthn API, which requires a secure context. Sliplane handles SSL automatically, so this should work out of the box. If you're using a custom domain, make sure DNS is configured correctly.
Cost comparison
You can also self-host Pocket ID with other cloud providers. Here is a pricing comparison for the most common ones:
| Provider | vCPU | RAM | Disk | Monthly Cost | Note |
|---|---|---|---|---|---|
| Sliplane | 2 | 2 GB | 40 GB | €9 (~$10.65) | Flat rate, 1 TB bandwidth, SSL included |
| Fly.io | 2 | 2 GB | 40 GB | ~$18 | Disk and bandwidth billed separately |
| Render | 1 | 2 GB | 40 GB | ~$35 | 100 GB bandwidth, Disk billed separately |
| Railway | 2 | 2 GB | 40 GB | ~$67 + $20 plan | Pro plan floor, usage-based, bandwidth billed separately |
Click here to see how these numbers were calculated.
(Assuming an always-on instance running 730 hrs/month)
- Sliplane: flat €9/month for the Base server. Unlimited services on the same server, 1 TB egress and SSL included.
- Fly.io:
shared-cpu-2x2 GB = $11.83/mo + 40 GB volume × $0.15/GB = $6 -> ~$17.83/mo. Egress billed separately ($0.02/GB in EU). - Render: closest match is Standard ($25, 1 vCPU / 2 GB) plus 40 GB disk × $0.25/GB = $10 -> ~$35/mo. Stepping up to Pro (2 vCPU / 4 GB) costs $85/mo + disk.
- Railway (Pro plan): CPU 2 × $0.00000772/s × 2,628,000 s = $40.57; RAM 2 × $0.00000386/s × 2,628,000 s = $20.29; volume 40 × $0.00000006/s × 2,628,000 s = $6.31 -> ~$67/mo compute, plus the $20/mo Pro plan floor and $0.05/GB egress.
Bandwidth costs can add up fast on usage-based providers. Use our bandwidth cost comparison tool to see what your egress would cost on each platform.
FAQ
What is Pocket ID used for?
Pocket ID is an OIDC (OpenID Connect) provider. You can use it to add single sign-on to self-hosted services like Forgejo, Nextcloud, Portainer, and many others. Instead of managing separate passwords for each service, your users authenticate once with a passkey.
Can I use Pocket ID with LDAP?
Yes, Pocket ID supports LDAP integration to sync users and groups. Configure the LDAP connection in the admin panel under Settings. This is useful if you already have an existing directory service and want to use Pocket ID as your authentication frontend.
How do I update Pocket ID?
Change the image tag in your service settings and redeploy. Check the Pocket ID GitHub releases for the latest stable version. Your data in /app/data is persisted across updates.
Are there alternatives to Pocket ID?
Yes, popular alternatives include Keycloak (full-featured enterprise identity management), Authentik (modern identity provider with flows), Authelia (lightweight auth proxy), and Zitadel (cloud-native identity management). Pocket ID stands out for its simplicity and passkey-only approach.
Do I need to set up email for Pocket ID to work?
No, email is optional. Without SMTP configured, Pocket ID works fine for authentication. Email is only needed if you want login notifications from unknown devices, one-time access codes, or API key expiration alerts.
