Engineering teams that want composable, open source identity and authorization primitives, self-hosted or as SaaS.

Ory

Open source identity, authorization and zero trust stack (Kratos, Hydra, Keto, Oathkeeper) available self-hosted or as Ory Network SaaS.

Last updated today

Visit site

Quick answer

What is Ory?

Short answer

Ory is an open source identity and authorization ecosystem made up of several focused components: Kratos for identity, Hydra for OAuth2 / OIDC, Keto for authorization (Google Zanzibar-inspired) and Oathkeeper for zero trust access. Teams can self-host the open source stack or use Ory Network, the managed SaaS. It tends to appeal to engineering-heavy teams that want composable identity primitives rather than a packaged CIAM product.

Best for: Engineering teams that want composable, open source identity and authorization primitives, self-hosted or as SaaS.
When to choose: You have an engineering team that wants open source identity, fine-grained authorization and the option to self-host.
When not to choose: You want a one-click hosted CIAM with prebuilt UIs and minimal infrastructure work.
Related tools & categories: Customer Identity / CIAM Developer Authentication Zitadel SuperTokens Run the IAM Stack Finder

Common use cases

Custom auth flows
OAuth2 / OIDC providers
Fine-grained authorization (relationship-based)
Zero trust access proxy

Strengths

Open source, no vendor lock-in
Composable per-concern services
Strong standards compliance
Active community

Limitations & considerations

You assemble pieces yourself
Less out-of-the-box UI than Auth0 / Clerk
Self-hosting requires real ops investment

Pricing model summary

Open source components are free to self-host. Ory Network SaaS uses usage-based pricing tied to monthly active users and projects, with a free tier and paid plans.

View vendor pricing page ↗

Integrations

OIDCOAuth 2.0SAMLSCIMKubernetes

Fit

Company size

startup, smb, mid_market, enterprise

Deployment

saas, self_hosted, hybrid

Source

open source

Pricing model

usage_based

Alternatives & comparisons

Zitadel

Open source identity and access platform with built-in multi-tenancy, SSO, MFA and a managed Zitadel Cloud SaaS.

Compare Ory vs Zitadel →

SuperTokens

Open source auth library with prebuilt UI, session management and self-hosted or managed deployment options.

Compare Ory vs SuperTokens →

Auth0

Auth0 is a developer-centric customer identity and access management (CIAM) platform offering authentication, authorization, and user management for web and mobile applications, now operating as Okta Customer Identity Cloud.

Compare Ory vs Auth0 →

Keycloak

Keycloak is the most widely deployed open source IAM platform, providing enterprise-grade SSO, MFA, SAML, OIDC, LDAP, and Kerberos support in a self-hosted, Apache 2.0 licensed package maintained by Red Hat.

Compare Ory vs Keycloak →

Ory and its logo are trademarks of their respective owner. IDSync is an independent buyer resource and does not imply endorsement unless explicitly stated.