Secure and scalable identity management is complex. Ory Kratos streamlines it with a headless, cloud-native system, letting developers focus on building their applications.
Full control. Full flexibility. Fully yours.
Ory Kratos is a fully featured user management system built for the cloud. Control every aspect with a headless API.
Integrate anywhere
Ory Kratos comes with support for a wide range of 2FA protocols such as TOTP, FIDO2 & WebAuthn, works with any UI framework, and only a few lines of code are required to get it up and running.
Configure everything
Configurable login and registration flows, multi-factor authentication, custom identity models, bring your own UI.
Powered by Open Source
Ory Kratos offers deployment flexibility. With open source roots, Ory Kratos has grown to offer different models to suit your business needs. Deploy open-source, opt for Ory Enterprise License with additional features and support, or use the fully managed Ory Network for a seamless SaaS experience.
Łukasz Harasimowicz
Platform Team
Our system needs to handle sudden increases in traffic — authentication is always in the critical path for every request a user is making to our platform.
Ory Kratos features at a glance
Self service login and registration
Users create and sign in to accounts using username/email and password combinations, Social Login, passwordless flows, TOTP and more.
Multifactor Authentication
Implement proven standards of web security with FIDO2, WebAuthn, TOTP. Use Yubikeys, Google Authenticator or FaceID to reduce friction and increase security.
User management
Administer your userbase and get, create, update or delete identities and their data, with webhooks for even more control.
Bring your identity model
Use customizable identity models (defining custom fields such as name, address, favorite pet) and create your own interfaces in your style and branding.
Social Logins
Simplify your users' experience and let them use their existing accounts at Google, GitHub, Apple, etc. to sign up and log in. All OIDC providers are supported.
Account verification and recovery
Verify an identity by checking the email, phone number, or physical address of that user. Provide recovery of accounts using "Forgot Password" flows, security codes, etc.
How to de-risk identity at scale with Ory
OSS is where most teams start. The question is whether it holds up as scale, compliance, and security requirements grow. Running identity infrastructure yourself means owning everything, from patches to incident response, compliance controls, and performance tuning. At enterprise scale, that overhead competes with product innovation. Ory's commercial offerings, OEL and Ory Network, trade that burden for SLA-backed support, managed CVE patching, and audit-ready controls.
OSS
OEL
Ory Network
Compliance and audit-ready (GDPR, PSD2, PCI-DSS, SOC 2, and others)
Compliance and audit-ready (GDPR, PSD2, PCI-DSS, SOC 2, and others)
Compliance-ready
Compliance and audit-ready (GDPR, PSD2, PCI-DSS, SOC 2, and others)
Global multi-region architecture
Global multi-region architecture
Multi-region capable
Global multi-region architecture
Purpose-based data retention
Purpose-based data retention
Purpose-based data retention
24/7 SLA support
24/7 SLA support
24/7 SLA support
CVE security patching
CVE security patching
CVE security patching
Unified control plane for ease of management
CLI
Unified control plane for ease of management
CLI & GUI
Unified control plane for ease of management
CLI & GUI
Production Helm Charts
Production Helm Charts
Production Helm Charts
n/a
Managed infrastructure
Managed infrastructure
n/a
Managed infrastructure
High performance pooling
High performance pooling
High performance pooling
B2B Organizations
B2B Organizations
B2B Organizations
Admin onboarding portal
Admin onboarding portal
Admin onboarding portal
Social single sign-on
Social single sign-on
Social single sign-on
Purpose-based data retention
Purpose-based data retention
Purpose-based data retention
CAPTCHA
CAPTCHA
CAPTCHA
FedCM
FedCM
FedCM
Advanced identity search
Advanced identity search
Advanced identity search
Deploy Ory Kratos on your preferred infrastructure
Self-hosted to SaaS: full control over your infrastructure, data, and compliance.
Open Source deployment — Run, try, and inspect Ory Kratos open source. Perfect to proof-of-concept your next big idea. Ory Enterprise License
OEL deployment — Ory Kratos on OEL means optimized code with premium support for mission-critical production environments, on-prem, self-hosted – wherever else you need it, always up to date. Ory Network
Ory Network deployment — Ory Network includes Ory Kratos powered capabilities in an instant-on global identity system. Achieve speed, security, scale, compliance and support with ease.
Integrations
Ready to try Ory Kratos?
Get started with the guides and docs below
page.tsx
import React, { useEffect, useState } from "react"
import { FrontendApi, Configuration, Session } from "@ory/client"
const basePath = "https://ory.example.com"
const ory = new FrontendApi(
new Configuration({
basePath,
baseOptions: { withCredentials: true },
}),
)
function Example() {
const [session, setSession] = useState<Session | undefined>()
useEffect(() => {
ory
.toSession()
.then(({ data }) => {
setSession(data)
})
.catch((err) => {
console.error(err)
// Not signed in, redirect to login
window.location.replace(`${basePath}/self-service/login/browser`)
})
}, [])
if (!session) {
return <p>No session found.</p>
}
return <p>Welcome to, {session?.identity.traits.email}.</p>
}
More on Ory Kratos
July 13, 2023
Introducing Ory Kratos v1.0: The milestone release
Boost your user management and authentication with Ory Kratos 1.0: Discover the latest release
May 11, 2022
Learn how we built a sharing platform using Ory and Kubernetes
Add open source login to any React app using free open source, Kubernetes and Graphql.
