Ory

Session lifetime can be configured (e.g., 30 days / 720h) via the Ory Console, allowing longer inactivity timeouts for user sessions

Ory provides self‑service session management APIs to list and revoke sessions, giving users and admins control over active sessions.

The account experience supports multiple languages (English, Spanish, German, French, etc.) and selects the language via the Accept‑Language header

The OAuth2 client‑credentials grant allows machine‑to‑machine access. Ory Hydra issues access tokens when a client ID and secret are sent to the authorization server

Ory issues opaque access tokens by default and can also issue JWT access tokens

Administrators can set expiration times for access, refresh and ID tokens and configure refresh‑token reuse limits and grace periods via the CLI or Console

The best way to start building a custom UI is to use the provided Ory examples and tooling e.g. Ory Elements which is a component library that provides a set of drop-in components

Ory Polis use webhooks to notify your application any time changes are made to directory users and groups

Endpoint‑based rate limits and Cloudflare WAF detect and block repeated failed logins and DoS attacks

Ory uses Cloudflare’s bot management to throttle suspicious IPs and limit unusual patterns to defend against malicious traffic

Cloudflare bot management protects endpoints and CAPTCHAs can be enabled to block automated login attempts

Ory checks passwords against Have I Been Pwned during registration and discourages disabling this NIST‑recommended check

Step‑up authentication enforces higher assurance levels for sensitive operations and supports strict or lax models

The Ory Console includes a stats and metrics feature that provides an overview of user interactions

Administrators can import identities from other systems by creating them with credentials and metadata through the admin API

Ory groups users into organizations and each organization can have multiple SSO connections. Members log in using one of these connections

Ory Keto implements role‑based access control where roles map to permissions and roles can inherit other roles

Ory supports manual account linking through the settings UI or during login/registration; automatic linking is disabled to prevent account takeover

The Ory Console provides a web‑based dashboard to manage identities, configure authentication settings, connect social providers and define Ory Actions

Live event streams emit events for sign‑ups, logins, tokens issued and more, allowing you to pipe events into your analytics stack in real‑time

Each workspace has built‑in Production, Staging and Development environments with distinct rate limits and feature sets

99.9% uptime SLA for the Growth plan and 99.99 for the Enterprise plan

The enterprise license offers 24/7 expert support, dedicated Slack channels and consultative sessions with Ory engineers

All Ory services expose Prometheus metrics endpoints and the monitoring guide provides configuration using Grafana, Prometheus, Loki and Tempo