Authelia checks the system time is in sync with an NTP server. This section describes how to configure and tune this.

Authelia has the ability to check the system time against an NTP server, which at the present time is checked only during startup. This section configures and tunes the settings for this check which is primarily used to ensure TOTP can be accurately validated.

In the instance of inability to contact the NTP server or an issue with the synchronization Authelia will fail to start unless configured otherwise.


  address: "time.cloudflare.com:123"
  version: 3
  max_desync: 3s
  disable_startup_check: false
  disable_failure: false



string time.cloudflare.com:123 not required

Determines the address of the NTP server to retrieve the time from. The format is <host>:<port>, and both of these are required.


integer 4 not required

Determines the NTP version supported. Valid values are 3 or 4.


duration 3s not required

Note: This setting uses the duration notation format. Please see the common options documentation for information on this format.

This is used to tune the acceptable desync from the time reported from the NTP server.


boolean false not required

Setting this to true will disable the startup check entirely.


boolean false not required

Setting this to true will allow Authelia to start and just log an error instead of exiting. The default is that if Authelia can contact the NTP server successfully, and the time reported by the server is greater than what is configured in max_desync that Authelia fails to start and logs a fatal error.