Simple pricing. Pick your scale.
Every plan includes every feature. You only choose how many users. Start free, upgrade when you grow.
Starter
10,000 users
Portal + SSO + Cloud Access
Replaces: Auth0 + SSO ($240+/mo)
Start trialPro
50,000 users
Agent + AI + Connect
Replaces: 3-tool stack ($1.5K+/mo)
Start trialStarting out?
Free gets you auth for 5,000 users — login, SSO, MFA, SDKs, RBAC. No portal, no cloud access. Starter unlocks the portal, cloud access, custom domains, and enterprise SSO.
→ Free or Starter
Scaling up?
You have paying customers and need AuthFI Connect, eBPF agent, and AI security. Pro gives you 50K users, unlimited SSO, SCIM sync, and the full detection engine.
→ Pro (recommended)
Going enterprise?
Full platform — mesh networking, AI agent auth, NL policies, infrastructure audit, dedicated support. Business and Enterprise give you everything.
→ Business or Enterprise
Need more? Add what you need.
Available on paid plans. Pay only for what you use.
Extra users
Beyond plan limit
AuthFI Connect account
AWS, GCP, Azure, or OCI
AuthFI Agent node
Per host or cluster
Extra SSO connection
Beyond plan limit
Extra portal seat
Beyond plan included
Extra custom domain
Beyond plan limit
Healthcare module
SMART on FHIR, HIPAA
SMS OTP
Pay per use
Compare all features
| Feature | Free $0 | Starter $59/mo | Pro $299/mo | Business $999/mo | Enterprise Custom |
|---|---|---|---|---|---|
| Authentication | |||||
| Email / password | ✓ | ✓ | ✓ | ✓ | ✓ |
| Social login (Google, GitHub, etc.) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Magic links + email OTP | ✓ | ✓ | ✓ | ✓ | ✓ |
| MFA / TOTP + backup codes | ✓ | ✓ | ✓ | ✓ | ✓ |
| OAuth 2.0 + PKCE | ✓ | ✓ | ✓ | ✓ | ✓ |
| Social providers | 2 | 5 | All | All | All |
| SMS OTP | — | Add-on | Add-on | Add-on | ✓ |
| Enterprise SSO | |||||
| SAML 2.0 | — | ✓ | ✓ | ✓ | ✓ |
| OIDC federation | — | ✓ | ✓ | ✓ | ✓ |
| LDAP / Active Directory | — | ✓ | ✓ | ✓ | ✓ |
| Domain routing | — | ✓ | ✓ | ✓ | ✓ |
| SSO connections | — | 2 | 10 | Unlimited | Unlimited |
| Directory & RBAC | |||||
| Roles & permissions | ✓ | ✓ | ✓ | ✓ | ✓ |
| Auto permission sync from SDK | ✓ | ✓ | ✓ | ✓ | ✓ |
| Security groups | — | ✓ | ✓ | ✓ | ✓ |
| Organizations | — | ✓ | ✓ | ✓ | ✓ |
| SCIM inbound | — | — | ✓ | ✓ | ✓ |
| SCIM outbound | — | — | ✓ | ✓ | ✓ |
| Roles | 5 | 20 | 100 | Unlimited | Unlimited |
| Groups | — | 10 | 50 | Unlimited | Unlimited |
| Branding & White-Label | |||||
| Branded login page | ✓ | ✓ | ✓ | ✓ | ✓ |
| Custom domain | — | 1 | 5 | 20 | Unlimited |
| Remove AuthFI attribution | — | ✓ | ✓ | ✓ | ✓ |
| Custom CSS | — | — | ✓ | ✓ | ✓ |
| Per-org branding (B2B) | — | — | — | ✓ | ✓ |
| AuthFI Connect | |||||
| Cloud accounts (AWS/GCP/Azure/OCI) | — | 1 | 2 | 10 | Unlimited |
| Console SSO | — | ✓ | ✓ | ✓ | ✓ |
| Temp credentials (API/CLI) | — | ✓ | ✓ | ✓ | ✓ |
| Workload identity | — | — | ✓ | ✓ | ✓ |
| AuthFI Agent | |||||
| Agent nodes | — | — | 1 | 5 | Unlimited |
| Protected ports | — | — | 5 | 25 | Unlimited |
| L7 HTTP + L4 TCP | — | — | ✓ | ✓ | ✓ |
| API auto-discovery | — | — | ✓ | ✓ | ✓ |
| WireGuard mesh | — | — | — | ✓ | ✓ |
| Infrastructure audit | — | — | — | ✓ | ✓ |
| Detection Engine | |||||
| Security dashboard | ✓ | ✓ | ✓ | ✓ | ✓ |
| Breached password detection | ✓ | ✓ | ✓ | ✓ | ✓ |
| Smart alerts (rules-based) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Risk scoring + anomaly detection | — | — | ✓ | ✓ | ✓ |
| Auto-block + auto-MFA | — | — | ✓ | ✓ | ✓ |
| Auto-policy suggestions | — | — | — | ✓ | ✓ |
| Custom ML models | — | — | — | — | ✓ |
| AI Agent Auth | |||||
| Agent identity (MCP) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Scoped delegation | ✓ | ✓ | ✓ | ✓ | ✓ |
| Human-in-the-loop | ✓ | ✓ | ✓ | ✓ | ✓ |
| NL policies (LLM) | — | — | ✓ | ✓ | ✓ |
| Observability | |||||
| Audit logs | ✓ | ✓ | ✓ | ✓ | ✓ |
| Dashboards + webhooks | ✓ | ✓ | ✓ | ✓ | ✓ |
| Audit retention | 7 days | 30 days | 90 days | 1 year | Custom |
| SIEM export (CSV/JSON) | — | — | ✓ | ✓ | ✓ |
| OpenTelemetry export | — | — | — | — | ✓ |
| Infrastructure & Platform | |||||
| Terraform Provider | ✓ | ✓ | ✓ | ✓ | ✓ |
| Linux PAM (SSH access) | — | — | ✓ | ✓ | ✓ |
| Session recording | — | — | — | ✓ | ✓ |
| Data regions | IN | IN, US | IN, US, EU | All 4 | All 4 + custom |
| SLA | — | 99.5% | 99.9% | 99.95% | 99.99% |
| Users | 5,000 | 10,000 | 50,000 | 200,000 | Unlimited |
| Applications | 5 | 10 | 50 | 200 | Unlimited |
| Portal & Access App | — | ✓ | ✓ | ✓ | ✓ |
| Portal seats | — | 3 | 10 | 25 | Unlimited |
| 7 SDKs + API | ✓ | ✓ | ✓ | ✓ | ✓ |
| Support | Community | Priority | Dedicated | Dedicated | |
All prices in USD. Annual billing available (~30% off). Startups get 1 year free. Talk to us about Enterprise.
Common questions
Can I start free and upgrade later?
Yes. Start with the Free plan (5,000 users, dev environment). Upgrade to any plan instantly from the console. No data migration needed.
What happens if I exceed my user limit?
We'll notify you. Overage is charged at $0.02 per user per month. No service interruption.
Is there a contract?
No. All plans are month-to-month. Cancel anytime. Annual billing gets ~30% off.
Do I need separate plans for Connect or the Agent?
No. AuthFI Connect and the eBPF agent are included on Pro and above. Add extra accounts or nodes as add-ons.
How does the 1-year free program work?
Startups and enterprises can apply for Pro or Business plan free for 1 year. Sign up on the free plan, then apply at authfi.app/program.