Every plan includes every feature.
You only choose scale.
Starting out?
You're building your app and need auth that works. Free gets you 5,000 users with full auth + RBAC. Starter adds SSO and custom domains when your first enterprise customer asks.
→ Free or Starter
Scaling up?
You have paying customers and need AuthFI Connect, the eBPF agent, and AI security. Pro gives you 50K users, unlimited SSO, SCIM sync, and the full detection engine.
→ Pro (recommended)
Going enterprise?
You need the full platform — mesh networking, AI agent auth, NL policies, infrastructure audit, dedicated support. Business and Enterprise give you everything with no limits.
→ Business or Enterprise
Add-ons
Available on paid plans only. Free plan has no add-ons.
Extra users
$0.02 /user/moBeyond plan limit
AuthFI Connect account
$99 /account/moAWS, GCP, Azure, or OCI
AuthFI Agent node
$99 /agent/moPer host or cluster
Extra SSO connection
$19 /moBeyond plan limit
Extra console seat
$9 /seat/moBeyond plan included
Extra custom domain
$9 /moBeyond plan limit
Healthcare module
$149 /moSMART on FHIR, HIPAA
SMS OTP
$0.05 /SMSPay per use
Compare all features
| Feature | Free $0 | Starter $59/mo | Pro $299/mo | Business $999/mo | Enterprise Custom |
|---|---|---|---|---|---|
| Authentication | |||||
| Email / password | ✓ | ✓ | ✓ | ✓ | ✓ |
| Social login (Google, GitHub, etc.) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Magic links + email OTP | ✓ | ✓ | ✓ | ✓ | ✓ |
| MFA / TOTP + backup codes | ✓ | ✓ | ✓ | ✓ | ✓ |
| OAuth 2.0 + PKCE | ✓ | ✓ | ✓ | ✓ | ✓ |
| Social providers | 2 | 5 | All | All | All |
| SMS OTP | — | Add-on | Add-on | Add-on | ✓ |
| Enterprise SSO | |||||
| SAML 2.0 | — | ✓ | ✓ | ✓ | ✓ |
| OIDC federation | — | ✓ | ✓ | ✓ | ✓ |
| LDAP / Active Directory | — | ✓ | ✓ | ✓ | ✓ |
| Domain routing | — | ✓ | ✓ | ✓ | ✓ |
| SSO connections | — | 2 | 10 | Unlimited | Unlimited |
| Directory & RBAC | |||||
| Roles & permissions | ✓ | ✓ | ✓ | ✓ | ✓ |
| Auto permission sync from SDK | ✓ | ✓ | ✓ | ✓ | ✓ |
| Security groups | — | ✓ | ✓ | ✓ | ✓ |
| Organizations | — | ✓ | ✓ | ✓ | ✓ |
| SCIM inbound | — | — | ✓ | ✓ | ✓ |
| SCIM outbound | — | — | ✓ | ✓ | ✓ |
| Roles | 5 | 20 | 100 | Unlimited | Unlimited |
| Groups | — | 10 | 50 | Unlimited | Unlimited |
| Branding & White-Label | |||||
| Branded login page | ✓ | ✓ | ✓ | ✓ | ✓ |
| Custom domain | — | 1 | 5 | 20 | Unlimited |
| Remove AuthFI attribution | — | ✓ | ✓ | ✓ | ✓ |
| Custom CSS | — | — | ✓ | ✓ | ✓ |
| Per-org branding (B2B) | — | — | — | ✓ | ✓ |
| AuthFI Connect | |||||
| Cloud accounts (AWS/GCP/Azure/OCI) | — | — | 2 | 10 | Unlimited |
| Console signin | — | — | ✓ | ✓ | ✓ |
| Temp credentials (API/CLI) | — | — | ✓ | ✓ | ✓ |
| Workload identity | — | — | ✓ | ✓ | ✓ |
| AuthFI Agent | |||||
| Agent nodes | — | — | 1 | 5 | Unlimited |
| Protected ports | — | — | 5 | 25 | Unlimited |
| L7 HTTP + L4 TCP | — | — | ✓ | ✓ | ✓ |
| API auto-discovery | — | — | ✓ | ✓ | ✓ |
| WireGuard mesh | — | — | — | ✓ | ✓ |
| Infrastructure audit | — | — | — | ✓ | ✓ |
| Detection Engine | |||||
| Security dashboard | ✓ | ✓ | ✓ | ✓ | ✓ |
| Breached password detection | ✓ | ✓ | ✓ | ✓ | ✓ |
| Smart alerts (rules-based) | ✓ | ✓ | ✓ | ✓ | ✓ |
| Risk scoring + anomaly detection | — | — | ✓ | ✓ | ✓ |
| Auto-block + auto-MFA | — | — | ✓ | ✓ | ✓ |
| Auto-policy suggestions | — | — | — | ✓ | ✓ |
| Custom ML models | — | — | — | — | ✓ |
| ML feedback + retraining | — | — | — | — | ✓ |
| Threat intelligence feeds | — | — | — | — | ✓ |
| AI Agent Auth | |||||
| Agent identity (MCP) | — | — | — | ✓ | ✓ |
| Scoped delegation | — | — | — | ✓ | ✓ |
| Human-in-the-loop | — | — | — | ✓ | ✓ |
| NL policies (Gemini) | — | — | — | ✓ | ✓ |
| Observability | |||||
| Audit logs | ✓ | ✓ | ✓ | ✓ | ✓ |
| Dashboards + webhooks | ✓ | ✓ | ✓ | ✓ | ✓ |
| Audit retention | 7 days | 30 days | 90 days | 1 year | Custom |
| SIEM export (CSV/JSON) | — | — | ✓ | ✓ | ✓ |
| OpenTelemetry export | — | — | — | — | ✓ |
| Platform | |||||
| Users | 5,000 | 10,000 | 50,000 | 200,000 | Unlimited |
| Applications | 5 | 10 | 50 | 200 | Unlimited |
| Console seats | 1 | 3 | 10 | 25 | Unlimited |
| Environment | Dev only | Production | Production | Production | Production |
| 7 SDKs + API | ✓ | ✓ | ✓ | ✓ | ✓ |
| Rate limit (API req/min) | 60 | 300 | 1,000 | 5,000 | Custom |
| SLA | — | 99.5% | 99.9% | 99.95% | 99.99% |
| Support | Community | Priority | Dedicated | Dedicated | |
| Extra console seat | — | $9/mo | $9/mo | $9/mo | Included |
All prices in USD. Annual billing available (~30% off). Startups and enterprises get 1 year free. Talk to us about Enterprise.
Common questions
Can I start free and upgrade later?
Yes. Start with the Free plan (5,000 users, dev environment). Upgrade to any plan instantly from the console. No data migration needed.
What happens if I exceed my user limit?
We'll notify you. Overage is charged at $0.02 per user per month. No service interruption.
Is there a contract?
No. All plans are month-to-month. Cancel anytime. Annual billing gets ~30% off.
Do I need separate plans for AuthFI Connect or the agent?
No. AuthFI Connect and the eBPF agent are included on Pro and above. Add extra accounts or nodes as add-ons.
How does the free-for-1-year program work?
Startups and enterprises can apply for Pro or Business plan free for 1 year. Sign up on the free plan, then apply at authfi.app/program with your billing ID. Startups are auto-approved after AI review.
One platform. Every identity layer.
Free to start.
Free for 5,000 users. Upgrade when you're ready.
Start building free →