I first want the “official” apps (Nextcloud, Roundcube, SOGo, WebTop, etc.) to integrate with it. But other things I integrate with Authentik include Forgejo, Proxmox (VE and Backup Server), LubeLogger, and more recently Headscale. Once I get my Raspberry Pi-based local CA back up and running, I’ll be integrating that as well to obtain SSH user certificates.
And I’ve been using Authentik, but I’m not married to it–if Keycloak will do the job better, I don’t mind migrating. If it’s a wash, I’d just as soon stay with Authentik. But I strongly believe NS8 needs an “official,” integrated SSO solution, one that will work with all the “official” apps, and can be called by anything else the admin wants to use.