Logto
Add multi-tenancy, enterprise SSO, and RBAC to your SaaS or AI apps. OIDC and OAuth 2.1 made simple, fast, and developer-friendly with 50K MAUs free.

Complete authentication infrastructure that handles everything from basic sign-in to enterprise-grade features. Add multi-tenancy, SSO, and role-based access control to your SaaS or AI applications without rebuilding auth from scratch.
Multiple authentication methods including passwordless email/SMS verification, social sign-in with Google, Apple, Discord, and traditional password authentication. Multi-factor authentication supports WebAuthn passkeys, authenticator apps, and backup codes for enhanced security.
Enterprise-ready features include single sign-on with Okta, Entra ID, and SAML providers, plus comprehensive RBAC for both global and organization-level resource management. Multi-tenancy support lets you group users, manage resources, and handle permissions across different business units.
Developer-friendly integration works with 20+ frameworks and provides clean Management APIs. Machine-to-machine authentication secures APIs, microservices, and devices, while impersonation capabilities help with customer support troubleshooting.
Flexible deployment options include cloud hosting in EU, Australia, US, and Japan regions, plus self-hosting capabilities. SOC 2 Type II certified with advanced encryption, data isolation, and high availability infrastructure.
Generous free tier includes 50,000 monthly active users with pay-as-you-go pricing beyond that. Open-source foundation ensures transparency and community-driven development while maintaining enterprise-grade security standards.
User session management, including multi-device session tracking and session controls, is planned and on the roadmap.
The Omni sign‑in experience supports multiple languages and customizable translations for end‑user flows
Sign‑in experience can be customized with logos, colors, dark mode, custom CSS and translations
Logto integrates with several social, email, and SMS connectors
Supports CAPTCHA providers such as Google reCAPTCHA Enterprise and Cloudflare Turnstile to prevent automated bot attacks during sign‑in and sign‑up
Password policy includes a breach history check using Have I Been Pwned to reject previously compromised passwords
Adaptive MFA (risk‑based step‑up) is noted as a planned feature on the roadmap and not currently available
Supports importing existing users via the Management API with mapping to basic and custom data fields and multiple password hashing algorithms
Provides multi‑tenancy through organizations where users can belong to multiple organizations with different roles and supports invitations and just‑in‑time provisioning
Role‑based access control with global and organization roles, multi‑role assignment and API resource protection
During social sign‑in Logto can link social accounts to existing user accounts when identifiers match to avoid duplicates
Authorized admins can impersonate another user by obtaining a subject token via the Management API and exchanging it for an access token to act on behalf of the user
While Logto enforces general rate limits, there is no functionality for customers to configure custom rate limits
Offers separate Development and Production tenants and allows converting a Dev tenant to Production, supporting multiple environments