PickYourTechPickYourTech home
Ory Kratos logo

Ory Kratos

API‑first identity server for secure, scalable user management

Identity & SSO

Ory Kratos delivers developer‑friendly, security‑hardened identity and authentication APIs, supporting login, registration, MFA, social sign‑in, and admin management for cloud‑native applications.

Ory Kratos banner

Overview

Overview

Ory Kratos is an API‑first identity and user‑management server designed for cloud‑native applications. It targets developers and product teams that need a flexible, security‑focused authentication layer without building it from scratch.

Core capabilities

The platform supports self‑service login and registration, passwordless and WebAuthn flows, MFA via TOTP, social sign‑in, and account recovery. Admin APIs let you import, update, or delete identities, while built‑in UI components and the Ory Console accelerate integration. It also offers OAuth2 and OpenID Connect endpoints for SSO and machine‑to‑machine authorization, and low‑latency permission checks based on the Zanzibar model.

Deployment options

You can self‑host Kratos on any infrastructure, leveraging the open‑source code and CLI, or use the fully managed Ory Network for a hassle‑free, GDPR‑friendly service with usage‑based pricing. Enterprises needing additional features, strict SLAs, and private Docker images can obtain an Ory Enterprise License.

Highlights

API‑first identity management with RESTful endpoints
Built‑in MFA, passwordless, and social login flows
Pre‑packaged UI components and Ory Console for admin tasks
OAuth2 / OpenID Connect support for SSO and machine‑to‑machine auth

Pros

  • Highly extensible and language‑agnostic API
  • Strong security focus with battle‑tested code
  • Scales to billions of identities and devices
  • Comprehensive documentation, CLI, and admin tools

Considerations

  • Self‑hosting requires operational expertise
  • Advanced features are gated behind an enterprise license
  • Permission model (Zanzibar) can have a learning curve
  • Out‑of‑the‑box UI may need customization for complex flows

Managed products teams compare with

When teams consider Ory Kratos, these hosted platforms usually appear on the same shortlist.

Amazon Cognito logo

Amazon Cognito

Customer identity and access management service for adding user sign-up, sign-in, and authentication to apps

Auth0 logo

Auth0

Cloud-based identity management platform for adding user authentication and authorization to applications

Clerk logo

Clerk

User authentication and identity APIs for web and mobile apps

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • SaaS platforms needing custom authentication logic
  • Enterprises requiring on‑premise identity control and compliance
  • Developers building microservice architectures with centralized auth
  • Applications that must store user data in specific regions for GDPR

Not ideal when

  • Static sites with only basic login requirements
  • Teams lacking DevOps resources for self‑hosting
  • Projects that need a fully ready‑made UI without customization
  • Organizations unwilling to invest in enterprise licensing for extra features

How teams use it

Passwordless login for mobile app

Reduces friction for users while enhancing security through WebAuthn.

Multi‑tenant SaaS onboarding

Provides a single identity hub that isolates tenant data and simplifies admin management.

Regulated industry compliance

Ensures GDPR‑friendly data storage and audit trails for sensitive user information.

Microservice API authentication

Delivers consistent identity verification across services via OAuth2/OpenID Connect.

Tech snapshot

Go91%
TypeScript8%
Shell1%
JavaScript1%
Makefile1%
Jsonnet1%

Tags

identityuseruser-profileprofile-managementhacktoberfestloginuser-managementuser-profilesregistrationidentity-managementusers

Frequently asked questions

What languages can I use with Ory Kratos?

Ory Kratos exposes a RESTful HTTP API, so any language that can make HTTP requests can integrate with it.

Is there a hosted version of Ory Kratos?

Yes, the Ory Network offers a fully managed, cloud‑native deployment of Kratos with built‑in scaling and compliance features.

How does Ory Kratos handle multi‑factor authentication?

It supports TOTP, WebAuthn, and other standard MFA methods, configurable per identity.

Can I run Ory Kratos on my own servers?

Absolutely; the open‑source code can be self‑hosted on any infrastructure using Docker or binary releases.

What additional benefits does the Enterprise License provide?

The license adds advanced scaling, multi‑tenancy, SLA‑backed security patches, and access to a private Docker registry.

Project at a glance

Active
Visit siteView repo
Stars
13,370
Watchers
13,370
Forks
1,100
LicenseApache-2.0
Repo age7 years old
Last commityesterday
Primary languageGo

Last synced 3 hours ago