Ory Kratos: Cloud-native identity and user management system

Headless user authentication and identity management with MFA, social login, custom identities, and a clean API.

Secure, scalable identity management and user authentication is complex. Ory Kratos streamlines it with a headless, cloud-native identity management system that runs in the cloud or self-hosted — letting developers focus on building their applications.

Need support?

Run Ory Kratos on your own infrastructure with the Ory Enterprise License. Self-hosted control, 24x7 support, security patches, and SLAs.

Need to move quickly?

Get cloud identity management without the operational overhead. Ory Network runs Ory Kratos for you — fully managed, multi-region, free to start.

Full control. A cloud-native identity management system that fits your stack.

Ory Kratos is a fully featured identity and user management system with a clean, API-first architecture. Run it cloud-native, self-hosted, or fully managed — you control every aspect through the headless API.

Integrate anywhere

Integrate with any stack

Ory Kratos works as a headless user authentication system behind any UI framework. Native support for FIDO2, WebAuthn, TOTP, and modern passwordless flows — drop in a few API calls and you're live.

Configurable user authentication flows

Customize login, registration, MFA, and account recovery. Define your own identity models with custom traits and schemas. Bring your own UI or use Ory Elements to expedite development — either way, every flow is configurable through the API.

Powered by Open Source

Ory Kratos is open-source identity management at its core — auditable, no vendor lock-in, and deployable across three models. Run the open-source distribution yourself, choose the Ory Enterprise License for self-hosted production support, or use Ory Network for fully managed cloud identity management.

Łukasz Harasimowicz, Platform Team, Fandom

Our system needs to handle sudden increases in traffic — authentication is always in the critical path for every request a user is making to our platform.

Read how Fandom uses Ory Kratos to handle authentication for hundreds of millions of users across thousands of communities

The Ory Kratos identity and user management system at a glance

  • Self-service login and registration

    Users create and sign in to accounts using username/email and password combinations, Social Login, passwordless flows, TOTP and more.

  • Multifactor Authentication

    Implement proven web security standards with FIDO2, WebAuthn, and TOTP. Use YubiKeys, Google Authenticator or Face ID to reduce friction and increase security.

  • User management

    Run a complete user management system: create, update, retrieve, and delete user identities through the API, with webhooks for lifecycle events. Full admin control over every identity in your system.

  • Bring your identity model

    Use customizable identity models (defining custom fields such as name, address, favorite pet) and create your own interfaces in your style and branding.

  • Social Login & SSO

    Let users sign in with Google, GitHub, Apple, and any OIDC provider. Single sign-on (SSO) with the social and enterprise identity providers your users already trust.

  • Account verification and recovery

    Verify an identity by checking the email, phone number, or physical address of that user. Provide recovery of accounts using "Forgot Password" flows, security codes, etc.

How to de-risk identity at scale with Ory

OSS is where most teams start. The question is whether it holds up as scale, compliance, and security requirements grow. Running identity infrastructure yourself means owning everything, from patches to incident response, compliance controls, and performance tuning. At enterprise scale, that overhead competes with product innovation. Ory's commercial offerings, OEL and Ory Network, trade that burden for SLA-backed support, managed CVE patching, and audit-ready controls.

OSS

Evaluate and prototype

OEL

Self-hosted, great for enterprises that require air-gapped or certified environments

Ory Network

Fully-managed, fastest path to production without operational overhead

Features compared across the three editions:

  • Compliance and audit-ready (GDPR, PSD2, PCI-DSS, SOC 2, and others); one edition is listed as "Compliance-ready"
  • Global multi-region architecture; one edition is listed as "Multi-region capable"
  • Purpose-based data retention
  • 24/7 SLA support
  • CVE security patching
  • Unified control plane for ease of management (CLI or CLI & GUI, depending on the edition)
  • Production Helm Charts
  • Managed infrastructure (n/a for some editions)
  • High performance pooling
  • B2B Organizations
  • Admin onboarding portal
  • Social single sign-on
  • CAPTCHA
  • FedCM
  • Advanced identity search

Integrations

Ready to try Ory Kratos?

Get started with the guides and docs below

page.tsx
import React, { useEffect, useState } from "react"
import { FrontendApi, Configuration, Session } from "@ory/client"

// Base URL of the Ory Kratos public API
const basePath = "https://ory.example.com"

// withCredentials makes the browser send the Ory session cookie with each request
const ory = new FrontendApi(
  new Configuration({
    basePath,
    baseOptions: { withCredentials: true },
  }),
)

function Example() {
  const [session, setSession] = useState<Session | undefined>()

  useEffect(() => {
    // Ask Ory for the current session; the call rejects when none is valid
    ory
      .toSession()
      .then(({ data }) => {
        setSession(data)
      })
      .catch((err) => {
        console.error(err)
        // Not signed in, redirect to login
        window.location.replace(`${basePath}/self-service/login/browser`)
      })
  }, [])

  if (!session) {
    return <p>No session found.</p>
  }

  // identity is optional on Session, so guard the access
  return <p>Welcome, {session.identity?.traits.email}.</p>
}
