kratos
by ory
Ory Kratos is a cloud-native, developer-friendly identity and authentication system that scales to billions of users with advanced security features.
Headless cloud-native authentication and identity management written in Go. Scales to a billion+ users. Replace Homegrown, Auth0, Okta, Firebase with better UX and DX. Passkeys, Social Sign In, OIDC, Magic Link, Multi-Factor Auth, SMS, SAML, TOTP, and more. Runs everywhere, runs best on Ory Network.
Primary Use Case
Ory Kratos is designed for developers and organizations needing a robust, scalable identity and user management system that supports modern authentication flows such as passkeys, social sign-in, and multi-factor authentication. It replaces homegrown or third-party identity solutions like Auth0 or Okta, enabling seamless integration of secure login, registration, and account management in cloud-native environments.
- Cloud-native identity and user management scalable to billions of users
- Supports passkeys, social sign-in, OIDC, magic link, multi-factor authentication, SMS, SAML, and TOTP
- Pre-built login, registration, and account management UI components
- OAuth2 and OpenID provider support for SSO and API access
- Low-latency permission checks based on Google's Zanzibar model
- GDPR-friendly secure data storage with data locality
- Comprehensive admin tools via web-based console and CLI
- Fully API-compatible with Ory Network services
Installation
- Visit the official documentation at https://www.ory.sh/kratos/docs/ for detailed installation guides
- Clone the repository using git clone https://github.com/ory/kratos.git
- Follow the setup instructions for your environment (Docker, Kubernetes, or native Go build)
- Configure Ory Kratos with your identity schema and authentication flows
- Run the Ory Kratos server according to your deployment method
- Optionally, integrate with Ory Network for managed cloud services
Usage
>_ ory kratos serveStarts the Ory Kratos identity server
>_ ory kratos migrate sqlRuns database migrations for Ory Kratos
>_ ory kratos create identityCreates a new identity in the system
>_ ory kratos get identity <id>Retrieves details of a specific identity
>_ ory kratos helpDisplays help and usage information for Ory Kratos commands
- Integrate Ory Kratos with SIEM solutions to enhance detection of anomalous authentication events.
- Leverage its API-driven architecture to automate user lifecycle management and reduce human error in access control.
- Use its support for modern authentication standards (passkeys, OIDC, SAML) to phase out legacy, vulnerable authentication methods.
- Deploy in tandem with adaptive MFA policies to dynamically adjust authentication strength based on risk context.
- Combine with vulnerability scanning tools to automatically remediate exposed authentication endpoints.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about kratos. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
3 free chats per tool • Instant responses • No credit card
Related Tools
vaultwarden
dani-garcia/vaultwarden
Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
authelia
authelia/authelia
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
keepassxc
keepassxreboot/keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
infisical
Infisical/infisical
Infisical is the open-source platform for secrets, certificates, and privileged access management.
authentik
goauthentik/authentik
The authentication glue you need.
teleport
gravitational/teleport
The easiest, and most secure way to access and protect all of your infrastructure.