Stop building auth.
Start shipping products.

Every app you build. Every tool your team uses.
One AI-native identity layer handles it all.

Start free →
Free forever · No credit card · Live in 5 minutes

5 min

Setup time

5K

Free MAU

7

SDKs

100%

White-labeled

AI

Native security

Capabilities

Auth for everything.
Code for nothing.

Your apps

Add login to any app in 5 minutes

Install the SDK, annotate routes with permissions — done. Branded login page, social login, MFA, magic links. JWTs with roles, permissions, and tenant_id. Multi-tenant from day one.

LoginSocialMagic linksMFARBACMulti-tenanttenant_id in JWT7 SDKs
// Three lines. Auth is done forever. const auth = authfi({ tenant: 'acme' }); app.get('/api/users', auth.require('read:users'), handler ); auth.start(); // permissions auto-synced
Their SSO

Say yes when they ask for SSO

Configure SAML, OIDC, or LDAP from your dashboard. Domain routing sends users to the right identity provider. SCIM syncs their directory. You close the enterprise deal.

SAML 2.0OIDCLDAPOktaAzure ADSCIMDomain routing
# Enterprise SSO configured. No code. Connections: Okta (SAML) acme.okta.com Azure AD (OIDC) login.microsoft.com LDAP ldap.corp.internal Domain routing: *@acme.com → Okta *@partner.io → Azure AD *@legacy.corp → LDAP
Your team

Protect internal apps. Zero code changes.

Deploy one agent. It discovers services, hooks into the Linux kernel via eBPF, and validates identity on every request. Admin panels, dashboards, APIs — all protected. No VPN. No reverse proxy.

eBPFAuto-discoveryKubernetesVMsDockerServerlessReal-time logs
$ authfi access install --tenant acme Agent installed Discovered 8 services Protected: admin-panel:3000 Protected: grafana:3001 Protected: internal-api:8080 Protected: jenkins:8888 # Kernel-level auth. Zero code changes.
Your cloud

Access any cloud. No static keys.

OIDC federation to AWS, GCP, Azure. Short-lived credentials, auto-rotated, fully audited. On-prem apps access any cloud securely. No API keys in environment variables. Ever.

AWS STSGCP Workload IdentityAzure15 min TTLAuto-rotated
$ authfi cloud assume-role --provider aws { "AccessKeyId": "ASIA...", "Expiration": "15 minutes", "Source": "AuthFI OIDC Federation" } # No static keys. No secrets. No rotation.
Every industry

One platform. Healthcare, fintech, education.

Industry modules activate per tenant. Healthcare gets SMART on FHIR scopes and EHR launch context. Fintech gets PSD2 and KYC hooks. Education gets LTI and FERPA controls. Same deployment serves every vertical.

HealthcareSMART on FHIRFintechPSD2/SCAEducationLTIPer-tenant activation
# Activate healthcare for Ayush Hospital POST /manage/v1/ayush/modules/activate { "module": "healthcare", "config": { "smart_version": "2.2.0" } } SMART on FHIR scopes enabled .well-known/smart-configuration live fhirUser claim in tokens Patient launch context ready # Terraqube stays on core auth. No change.
AI-Native Security

We handle threats.
You ship products.

Suspicious login from a new country? MFA step-up enforced. Credential stuffing? IPs blocked. Account takeover? Locked and admin notified. Automatically. You write zero security code.

Free — Insights

  • Security dashboard
  • Login activity
  • Breached password checks
  • Basic threat visibility

Ship — Detection

  • Anomaly detection
  • Impossible travel
  • Credential stuffing
  • Bot detection
  • Real-time alerts

Scale — Enforcement

  • Auto-block suspicious IPs
  • Auto-force MFA on risk
  • Auto-lock accounts
  • Slack / PagerDuty alerts
  • Weekly security digest
Ecosystem

Fits into your stack.

Identity

Okta · Azure AD
Google · SAML
OIDC · LDAP

Cloud

AWS · GCP
Azure · K8s
Terraform

CI/CD

GitHub Actions
GitLab CI
Jenkins · Argo

Observability

Datadog · Grafana
Splunk · Elastic
PagerDuty

Pricing

Use what you need.
Pay as you grow.

One platform. Clear tiers. No surprises.

Free

$0 forever
Just auth. Ship today.
  • 5,000 MAU
  • Login + social + MFA
  • Roles & permissions
  • Branded login
  • Webhooks + 7 SDKs
  • AI security insights
  • Status page
Start free
Most popular

Ship

$49 /mo
Enterprise-ready auth.
  • 15,000 MAU
  • Enterprise SSO
  • LDAP / Active Directory
  • Custom domain
  • White-labeled
  • AI threat detection
  • Email support
Start 14-day trial

Scale

$499 /mo
Auth + internal access.
  • 100,000 MAU
  • SCIM + audit export
  • Internal access (10 seats)
  • eBPF enforcement
  • AI auto-enforcement
  • Per-org branding
  • Priority support
Start 14-day trial

Enterprise

Custom
The full control plane.
  • Unlimited MAU + seats
  • Cloud identity
  • SSH + DB proxy
  • Session recording
  • SLA 99.99%
  • Dedicated support
  • Custom integrations
Talk to us

Add-ons: Industry module $49/mo · SMS OTP $0.05/SMS · Extra access agent $29/mo · Extra MAU $10/5K

Compare all features →

Build your next app.
Auth is already done.

Free forever. Live in 5 minutes.

Start free →