$9
Flat price per Org
Users per Org
Apps per Org
<50ms
Target Median Latency
The Cosmic Architecture
Every layer maps directly to how you actually build and sell software.
Your Account
The Galaxy
Your master ZanAuth account. One login to rule all your clients, projects, and products. Centralized billing, audit logs, and team access — with full role delegation down the hierarchy.
$9 / month
Solar Systems
An Organization or Client. Each Solar System is a fully isolated authentication namespace with its own users, apps, SSO config, and branding. Pay $9/mo and onboard 10 users or 10,000,000 — the invoice never changes.
Planets Unlimited
Individual applications inside a Solar System. Your web app, mobile app, internal dashboard, and customer portal — all separate Planets, one Solar System, one flat price. Spin up as many as you need.
Beings Unlimited MAU
Your users. Every human, bot, or m2m account that authenticates. We call them Beings because they're not a revenue metric to us — they're your customers. Scale to a million without ever seeing a price hike.
Infrastructure Stack
| Target Latency | <50ms p95 |
| Target Uptime | >99 .99% |
| Tenant Isolation | Per Solar System |
| Privacy | GDPR‑Aligned |
| Encryption | All Private Data |
| Security | SOC 2 Planned |
Why Bare Metal?
Auth0, Clerk, and Okta run on AWS or Azure — which means their pricing reflects cloud overhead, egress fees, and vendor margin. They package this as a “per MAU” model. It’s not efficiency. It's cost shifting.
ZanAuth runs on raw iron — dedicated Hetzner and OVH servers. The result is lower latency, predictable capacity, and infrastructure costs so low we can charge a flat $9 and still build a sustainable business.
Dedicated CPUs mean your auth spikes never compete with someone else's workload.
JWTs and tokens don't cost per-byte on a bare metal with unmetered uplinks.
Fully stateless and replicated across regions. You never pick a region — DNS automatically routes each user to the closest healthy node.
Our status page is public. No PR-approved incident comms — just raw uptime data.
For Agencies & Multitenant SaaS
Stop dreading the moment a client goes viral. With ZanAuth, their growth is your win — not an unexpected line item.
The Old World (MAU Pricing)
ZanAuth (Flat Rate per Org)
The Agency Math — Simple & Honest
1 Client (Solar System)
$9
/month
10 Clients
$90
/month
50 Clients
$450
/month
100 Clients
$900
/month · predictable, forever
That's 100 fully isolated auth namespaces , each supporting unlimited users, unlimited apps, and every security feature — for less than a single seat at some competitors.
Everything. Included. Always.
Every feature below is included in every $9 Solar System. No feature tiers. No add-ons. No "contact sales."
Single Sign-On (SSO)
SAML 2.0, Ecosystem SSO out of the box. Connect any IdP — Google Workspace, Azure AD, Okta, or a custom provider. Enterprise-grade SSO at startup pricing.
Coming soon:
Multi-Factor Authentication
TOTP, WebAuthn / Passkeys, and hardware key support. Enforce MFA at the Planet level or globally across a Solar System. Risk-adaptive step-up auth included.
Social Login
Pre-built connectors for Google, GitHub, Microsoft, Apple, Discord, Twitter/X, LinkedIn and more. One toggle to enable. Zero SDKs required from your side.
Coming soon:
RBAC & Fine-Grained Permissions
Define roles, scopes, and permissions per Planet. Attach claims to JWTs. Build multi-tenant permission models without writing a single line of authorization middleware.
Coming soon:
Custom Domains & Branding
Host your login UI on
yourcompany.zanauth.com
or
auth.yourdomain.com
Full white-label support: custom logos, colour
palettes, and email templates per Solar System. Your
brand. Our infra.
Coming soon:
Passwordless & Magic Links
Email magic links, and passkey-first flows that eliminate passwords entirely. Higher conversion on sign-up, zero password reset tickets in your support queue.
Machine-to-Machine (M2M)
Client Credentials flow for services, microservices, and CI/CD pipelines. Issue short-lived tokens, rotate secrets via API, and audit every non-human auth event automatically.
Webhooks & Auth Events
Real-time event streams for every auth action: login, logout, token refresh, MFA challenge, and role change. POST to your endpoint or pipe to Kafka, Datadog, or any SIEM.
Coming soon:
SDKs & Framework Integrations
Official SDKs for Node.js, Python, Go, Rust, PHP, and React.
Coming soon:
The Honest Comparison
Other platforms punish growth. We reward it.
| Feature / Policy | Auth0 / Okta | Clerk | ZanAuth |
|---|---|---|---|
| Pricing Model | Per MAU | Per MAU | Flat $9/Org |
| 1M Users Cost / Org / Mo | $1,000s+ | $1,000s+ | $9 |
| SSO Included | Enterprise Only | Add-on | Always Included |
| MFA Included | Limited on Free | Included | Always Included |
| Custom Domains | Paid Tier | Paid Tier | Always Included |
| Multitenant / Agency Model | Complex + Costly | Per-org pricing | Built-in. $9/org. |
| Infrastructure | AWS | AWS / GCP | Bare Metal (Hetzner/OVH) |
| Contract Required | Annual for discounts | No | No. Month-to-month. |
Pricing data based on publicly available information. Competitor prices vary by tier and region.
Integrate in Minutes
No sales calls. No credit card required. Just ship.
Step 1
Create a Galaxy
Sign up for free. Create your Galaxy or be invited to an existing partner's galaxy.
Step 2
Start a Solar System
Create an Organization for your project or client. Test all features, then $9/month unlocks all limits instantly.
Step 3
Add Your Planets
Register your apps. Each Planet gets its own client ID, redirect URIs, and token config. Unlimited Planets, no extra cost.
Step 4
Integrate & Ship
ZanAuth is designed to be transparent and simple, no SDK needed. Your users can log in within the hour. That's it. Seriously.
Quick Start — PHP SDK
comming soon
FAQ
Is there really no MAU limit? What's the catch?
There is no catch. Each Solar System ($9/mo) supports truly unlimited Users. We're able to do this because bare metal infrastructure has a radically different cost profile to cloud-hosted auth. We don't pay AWS egress fees on your behalf, so we don't need to pass them on to you.
What counts as a "Solar System"?
One Solar System = one isolated authentication namespace. Think of it as one Organization, one client, or one product line. Each has its own users, apps, SSO config, and branding. It's the only billable unit.
Can I white-label ZanAuth for my clients?
Yes. Each Solar System supports custom domains (e.g.
auth.client.com
), custom logos, colors, and email templates. Your
clients never need to see the ZanAuth brand if you
don't want them to.
Is this GDPR-compliant?
Yes. ZanAuth is built from the ground up for GDPR compliance regardless of the region. We believe privacy is a core pillar to the internet.
How is this different from self-hosting Keycloak or Authentic?
Self-hosting means you own the ops burden — upgrades, backups, incident response, TLS cert rotation, HA config. ZanAuth gives you the economics of self-hosting (flat cost, no MAU gates) with the reliability of a managed service (Uptime Target 99.99%, automatic upgrades, 24/7 infra monitoring). Your team ships features, not auth infra.
Can I migrate from Auth0 / Clerk / etc?
Yes. Migration tools are being built and will be self-service at no cost.
Unlimited users. Every feature unlocked.
No MAU tax. No annual contracts. No enterprise gatekeeping.
Free to explore · No credit card to start · First Solar System at $9 when you're ready to ship