Possibly dumb question: why not use an Authentik outpost with a reverse proxy to enforce SSO? It wouldn’t be “baked in” so to speak, but it would be fully OIDC and as long as you’re just running it through a web browser. Biggest downside is you’d need 2 logins (one for the outpost and one for the app). I’d assume the sso is specifically for the extra security though, so that shouldn’t be a problem outside of it being a little hassle.

Isn’t AMD’s HEVC/265 still decent, specifically? I feel like I read that somewhere years back. 264 has always been a weak spot for them, however.

Very true. But brute force checking through tons of different settings for each camera you need to configure is not fun. I couldn’t seem to find any kind of “known working configs” database or anything either. Every camera seems to be different in what it expects, outputs, authenticates, etc. Once it’s set up, I agree, maintaining the config is easier. Having all your cameras match in model and firmware version probably makes the whole endeavor MUCH easier.

AmCrest and Frigate together are SO good. Integrating Frigate with Home Assistant was also insanely easy for quick viewing and notifications. That initial Frigate config is a bit of a bear- but once you’re past that I cannot speak more highly of it.

hunter2