OpenUEM

Staff PickFeaturedOpen Source

Open-source self-hosted Unified Endpoint Manager

Last updated: April 2026

OpenUEM is a free, open-source, self-hosted Unified Endpoint Manager (UEM) that lets you manage your IT assets through agents installed on Windows, Linux, and macOS endpoints. Built in Go with PostgreSQL and NATS.

Visit Website

3views|5.0(1 review)

Remote Management & RMM Endpoint & Patch Management IT Operations & SysadminSelf-Hosted Linux Windows macOS Docker Workflow Automation Endpoint Security Remote Support

About

OpenUEM is an open-source, self-hosted Unified Endpoint Manager created by Miguel Angel Alvarez Cabrerizo, a freelance DevOps engineer based in Spain. The project provides full endpoint inventory, remote management, and configuration deployment capabilities through lightweight agents installed on Windows, Linux, and macOS endpoints.

Built entirely in Go, OpenUEM uses PostgreSQL for data storage, NATS for inter-component messaging, and a clean web interface powered by Echo, HTMX, and Franken UI. The platform supports multi-tenancy, digital certificate-based authentication, and can be deployed via native packages or Docker.

The project is licensed under Apache 2.0 and has an active community on Discord and GitHub, with over 80 stars on the main console repository.

Positioning

OpenUEM positions itself as a truly open-source alternative to commercial UEM/RMM solutions. Unlike proprietary platforms that charge per endpoint or per technician, OpenUEM is completely free with no seat limits, no endpoint caps, and no paid tiers.

Key differentiators:

Security-first design — Mandatory mutual TLS between all components, certificate-based console login, on-demand VNC with one-time passwords
Multi-platform agents — Windows, Linux (Debian/RedHat), and macOS (Intel + Apple Silicon)
Package management integration — Deploy software via Winget (Windows), Flatpak (Linux), and Homebrew (macOS)
No cloud dependency — Fully self-hosted, your data stays on your infrastructure
Identity Provider support — Authelia, Authentik, Keycloak, Zitadel integration

What You Get

Complete hardware and software inventory across all endpoints
Remote assistance via VNC, RDP, and RustDesk integration
Package deployment through Winget, Flatpak, and Homebrew
Configuration profiles with automated tasks per OS
Windows Update monitoring and Linux security update detection
SFTP file browsing, upload, and download
Wake-on-LAN and scheduled power management
BitLocker encryption and antivirus status monitoring
PDF and CSV report generation
Multi-tenancy with multiple organizations and sites
Certificate-based security with built-in Certificate Authority
Dashboard with real-time component status

Core Areas

Endpoint Inventory

Hardware details, installed software, network adapters, printers, and disk information across all managed endpoints

Remote Management

VNC, RDP, and RustDesk-based remote assistance with TLS encryption and on-demand one-time passwords

Software Deployment

Deploy and manage packages via Winget (Windows), Flatpak (Linux), and Homebrew (macOS) from the web console

Configuration Profiles

Automated tasks per OS including package management, registry keys, local users/groups, PowerShell/shell scripts, and MSI packages

Security Monitoring

Windows Update status, antivirus detection, BitLocker encryption, and certificate-based mutual TLS authentication

File Management

SFTP-based file browsing, download, and upload to managed endpoints with certificate authentication

Why It Matters

The UEM and RMM market is dominated by expensive, closed-source solutions that lock organizations into per-seat pricing models. For small IT teams, MSPs starting out, and organizations that need full control over their endpoint management infrastructure, commercial options are often prohibitively expensive or require trusting a third party with sensitive asset data.

OpenUEM fills this gap by providing a production-ready, self-hosted endpoint management platform with no licensing costs. The security-first approach — mandatory TLS, certificate-based authentication, no stored passwords — makes it suitable for environments where security compliance is critical.

For IT professionals evaluating endpoint management solutions, OpenUEM represents a compelling option: full source code access, active development, multi-platform support, and a growing feature set that already covers the core needs of endpoint inventory, remote access, software deployment, and configuration management.

Reviews

1 review

Excellent open-source alternative to commercial RMM tools

4/4/2026

OpenUEM is exactly what the IT community needed — a genuinely open-source endpoint manager that doesn't cut corners on security. The certificate-based authentication, multi-platform agent support (Windows, Linux, macOS), and integrated package management via Winget/Flatpak/Homebrew make it a serious contender against paid solutions. The web console is clean and responsive, and the Docker deployment makes getting started straightforward. Active development with regular releases. Highly recommended for sysadmins and small MSPs looking for a self-hosted RMM without licensing costs.

— Emanuel DE ALMEIDA, IT Operations Manager at ithub.directory

integraal-it

Integraal IT is a Swiss MSP based in Geneva offering IT support, network & cloud, cybersecurity, and flexible maintenance contracts for businesses.

Remote Management & RMM

IntuneGet

Free, open-source tool that bridges Windows Package Manager (Winget) and Microsoft Intune. Deploy 10,000+ Winget apps to Intune in minutes — no scripting, no manual IntuneWin packaging.

Endpoint & Patch ManagementIT Operations & Sysadmin

IntuneAutomation

Free, open-source PowerShell scripts for Microsoft Intune automation. Streamline device management, reporting, and compliance with ready-to-use detection and remediation scripts.