Introduction to Ory Network
Ory Network is the fully managed deployment of Ory: a global, low-latency identity and access management (IAM) service delivered as SaaS. It runs the same open source software you can self-host, with hosting, scaling, security patching, and compliance handled for you — so you can add authentication, authorization, and fine-grained permissions to any application and get back to building your product.
Sign up to create a free developer project, or talk to an expert about production and enterprise needs.
Why Ory Network
Ory Network gives you Ory's full identity stack without the operational overhead of running it yourself:
- Fully managed infrastructure — Ory Network operates a global edge network with multi-region availability, automatic scaling, and high availability. You don't patch servers, rotate keys, or manage failover.
- Production-grade security and compliance — Built-in protection against common threats, industry-standard cryptography, breached-password detection, and audit-ready compliance (GDPR, SOC 2, ISO, PCI DSS, and more).
- Own your user experience — Bring your own UI in any framework and language, or start with hosted screens. Ory's APIs are headless, so the login, registration, and account flows are entirely yours to design.
- Built on open source — Every core service in Ory Network is the same Apache 2.0 licensed software available on GitHub. There is no open-core lock-in, and you can move between deployment models without rewriting your integration.
- Scale without limits — Ory Network processes billions of authentication and authorization requests, with stateless horizontal scaling and smart edge caching for low latency worldwide.
What's included
Ory Network is composed of Ory's open source servers, managed and integrated for you, plus the console and tooling that make them fast to adopt. The core services each map to a focused part of the identity and access problem: identity and sessions, OAuth2 and OIDC, permissions, enterprise SSO, edge access control, and API key management. Around them, Ory Network adds the layer that gets you to production quickly:
- Ory Console — The web UI for managing projects, identities, permissions, social sign-in, identity schemas, account emails, and multi-tenancy. Most configuration that once required code can be done here without a code editor.
- Ory Account Experience — Prebuilt, customizable screens for login, registration, recovery, verification, and account settings, so you can ship auth before building your own UI.
- Ory Elements — An open source component library for integrating your own authentication UI quickly with frameworks like React and Next.js.
- Ory Actions — Hooks that extend Ory by running custom business logic and integrating with third-party services such as CRMs, payment gateways, and analytics platforms in response to identity events.
- Ory CLI — A command-line tool for configuring and operating your self-hosted deployment.
- SDKs and reference UIs — Client SDKs for popular languages and reference UI implementations for frameworks like React, Next.js, and React Native.
Ory Kratos (Identity & AuthN)
Ory Kratos manages identities, credentials, and sessions. It powers self-service flows for registration, login, account recovery, email and phone verification, profile settings, and multi-factor authentication. It supports passwords, social sign-in, OpenID Connect, and passkeys, and it uses customizable JSON Schema identity models (SCIM) so you control exactly what data each identity holds. SCIM support enables automated user provisioning and deprovisioning. Learn more in the Ory Kratos documentation.
Ory Hydra (Delegated AuthZ & Federated AuthN)
Ory Hydra is a fully featured, OpenID Certified® OAuth 2.0 and OpenID Connect provider. It handles single sign-on, API access authorization, token issuance, and delegation, with support for stateless JWT access tokens, token exchange, and credential rotation. Learn more in the Ory Hydra documentation.
Ory Keto (Fine-grained Permissions)
Ory Keto provides low-latency, relationship-based authorization for fine-grained access control. It implements Google's Zanzibar model and supports RBAC and ABAC patterns, letting you define and check permissions across any application. Learn more in the Ory Keto documentation.
Ory Polis (Enterprise SSO AuthZ)
Ory Polis adds enterprise single sign-on through SAML and OIDC. It connects to identity providers such as Okta, Microsoft Entra ID, and Google Workspace, supports directory sync, and can also act as a SAML Identity Provider — abstracting SAML complexity behind a standard OAuth 2.0 flow. Learn more in the Ory Polis documentation.
Ory Oathkeeper (Proxy-based access control)
Ory Oathkeeper provides identity and policy-aware access control at the network edge. It acts as a zero-trust proxy that authenticates and authorizes requests before they reach your services. Learn more in the Ory Oathkeeper documentation.
Ory Talos (API keys)
Ory Talos manages the full lifecycle of API credentials for machine-to-machine and AI agent access: issuing keys, verifying them, deriving short-lived tokens, and revoking access. It replaces static, over-privileged API keys with programmable macaroon tokens that enforce least privilege — permissions can only be narrowed, never widened — and supports token derivation, IP allowlists, and time-to-live limits. Commercial builds add multi-tenancy, PostgreSQL, MySQL, and CockroachDB backends, Redis caching, rate-limit enforcement, and edge proxy nodes. Learn more in the Ory Talos documentation.
Ory Network compared to the other deployment models
Ory Network is one of three ways to run Ory. All three share the same open source core, so you can start with one and move to another as your needs change:
| Ory Open Source | Ory Enterprise License | Ory Network | |
|---|---|---|---|
| Hosting | Self-hosted | Self-hosted | Fully managed (SaaS) |
| Who operates the infrastructure | You | You | Ory |
| License | Apache 2.0 | Commercial | Commercial |
| Management | CLI | CLI | CLI, GUI (Ory Console), and Terraform |
| Support | Community | Dedicated, 24/7 with SLAs | Included with the platform |
| CVE patching | Self-managed | Guaranteed timeframes | Handled by Ory |
| Enterprise features (e.g. multi-tenancy, ROPC) | Not included | Included | Included |
| Best for | Evaluation, prototyping, and full-control self-hosting | Regulated, air-gapped, or high-control production | The fastest path to production with no operational overhead |