Secure and scalable identity management is complex. Ory Kratos streamlines it with a headless, cloud-native system, letting developers focus on building their applications.
Ory Kratos is a fully featured user management system built for the cloud. Control every aspect with a headless API.
Ory Kratos comes with support for a wide range of 2FA protocols such as TOTP, FIDO2 & WebAuthn, works with any UI framework, and only a few lines of code are required to get it up and running.
Configurable login and registration flows, multi-factor authentication, custom identity models, bring your own UI.
Ory Kratos offers deployment flexibility. With open source roots, Ory Kratos has grown to offer different models to suit your business needs. Deploy open-source, opt for Ory Enterprise License with additional features and support, or use the fully managed Ory Network for a seamless SaaS experience.
Łukasz Harasimowicz
Platform Team
Our system needs to handle sudden increases in traffic — authentication is always in the critical path for every request a user is making to our platform.
OSS is where most teams start. The question is whether it holds up as scale, compliance, and security requirements grow. Running identity infrastructure yourself means owning everything, from patches to incident response, compliance controls, and performance tuning. At enterprise scale, that overhead competes with product innovation. Ory's commercial offerings, OEL and Ory Network, trade that burden for SLA-backed support, managed CVE patching, and audit-ready controls.
OSS
OEL
Ory Network
Self-hosted to SaaS: full control over your infrastructure, data, and compliance.
Users create and sign in to accounts using username/email and password combinations, Social Login, passwordless flows, TOTP and more.
Implement proven standards of web security with FIDO2, WebAuthn, TOTP. Use Yubikeys, Google Authenticator or FaceID to reduce friction and increase security.
Administer your userbase and get, create, update or delete identities and their data, with webhooks for even more control.
Use customizable identity models (defining custom fields such as name, address, favorite pet) and create your own interfaces in your style and branding.
Simplify your users' experience and let them use their existing accounts at Google, GitHub, Apple, etc. to sign up and log in. All OIDC providers are supported.
Verify an identity by checking the email, phone number, or physical address of that user. Provide recovery of accounts using "Forgot Password" flows, security codes, etc.
Get started with the guides and docs below
import React, { useEffect, useState } from "react"
import { FrontendApi, Configuration, Session } from "@ory/client"
const basePath = "https://ory.example.com"
const ory = new FrontendApi(
new Configuration({
basePath,
baseOptions: { withCredentials: true },
}),
)
function Example() {
const [session, setSession] = useState<Session | undefined>()
useEffect(() => {
ory
.toSession()
.then(({ data }) => {
setSession(data)
})
.catch((err) => {
console.error(err)
// Not signed in, redirect to login
window.location.replace(`${basePath}/self-service/login/browser`)
})
}, [])
if (!session) {
return <p>No session found.</p>
}
return <p>Welcome to, {session?.identity.traits.email}.</p>
}