Your top priority should be “Are my backups good? / Can I trivially roll back any breaking changes?” If an account oopsie can permanently compromise your users’ photos, then you have bigger problems to worry about.
But assuming your backups are good, there isn’t much to worry about. I recommend you don’t take my word for it and thoroughly read the documentation of each of the services you want to put behind Authentik, but in general, when a service is configured to use SSO, if a user with the same ID already exists on the target service, they are simply merged. The most common ID for this is the email associated with that user on both Authentik and the service. Worst case, if the ID doesn’t match, you either get an error saying the user is invalid or you get a new user created on the target service.
It’s nothing fancy, but I have phone alerts if any windows are open when the heating comes on, and I also use the average temperature inside the house as the input temperature for the thermostat (sensors in several rooms are averaged and published via MQTT to a DIYless thermostat).
My plan going forward is to add ZigBee TRVs to the radiators in each room and automatically close any that are already at or over the target temperature.