It’s my understanding that FreeIPA can federate with Active Directory, but personally I haven’t tried that myself. As for Authentik, it looks interesting but it’s the first I’ve heard of it. I also rely on FreeIPA’s certmonger implementation, so I wonder if Authentik could replace that?
Just to understand your use case, you have users in Active Directory where you want to manage SSH keys and be able to login via SSH to linux machines?
This is what I’ve read about where users in AD can be federated to FreeIPA: https://www.freeipa.org/page/V4/One-way_trust. Not sure if this covers your use case