What you get
Everything B2B SaaS auth actually needs.
Organizations as primitives
Members, roles, customer-managed SSO — all on the same model.
Customer-managed SSO
SAML and OIDC per tenant. Self-serve setup, test mode included.
RBAC and authorization
Roles, scopes, ReBAC, and per-tenant policy in one engine.
Audit and compliance
Immutable logs, exportable to your SIEM. SOC 2 evidence-ready.
Multi-region reliability
Active-active across regions. Sub-50ms decision latency.
Developer experience
Same primitives across TypeScript, Go, Python, .NET, Rust.
Who it's for
B2B SaaS teams shipping product, not auth.
Early-stage B2B SaaS
From your first paying customer to your first enterprise pilot, without rewriting auth in between.
Multi-workspace products
Users belong to multiple organizations. Switching workspaces switches roles, tokens, and policy.
Enterprise software
SAML, SCIM, audit, step-up, and custom domains — every checkbox the procurement form asks for.
AI SaaS and agent platforms
Agent identities, scoped tokens, per-action audit.