2025 Firebase Authentication’s latest pricing explained and the best alternatives
This article provides an overview and breaks down the key details of Firebase Authentication. It covers what Firebase Auth is, a summary of its pricing, and the best alternatives to Firebase Auth.
Product & Design
What is Firebase Authentication?
Firebase is a backend-as-a-service (BaaS) platform by Google, offering tools to build and manage web and mobile apps. It simplifies backend development with features like real-time databases, cloud storage, authentication, hosting, and analytics, eliminating the need for custom infrastructure.
Firebase Authentication is a BaaS solution by Google, designed to simplify user authentication for web and mobile apps. It supports popular sign-in methods like email/password, phone authentication, social logins, and integrates with Firebase services like Firestore and Cloud Functions.
As a standalone service, Firebase Authentication can be used independently—no need to pay for or integrate other Firebase features if authentication is your sole focus. While powerful, it’s critical to understand its pricing model and limitations—especially as your app scales.
What features are included in Firebase Authentication?
- Email credential authentication:
- Allow users to sign up using their email address and password.
- Email passwordless login and verification:
- Login with email link
- Email address verification
- Password recovery
- Can use Firebase built-in email service or your own SMTP server.
- Phone passwordless login:
- Login with a mobile phone number and send verification code.
- Only can use Firebase built-in SMS service.
- Anonymous login:
- Authentication without requiring users to sign in first by creating temporary anonymous accounts. If the user later chooses to sign up, you can upgrade the anonymous account to a regular account, so the user can continue where they left off.
- Social login with prebuilt providers:
- Authenticate users by integrating with federated identity providers. Firebase provides Google, Facebook, Play Games, Game Center, Apple, GitHub, Microsoft, Twitter, Yahoo
- Custom federated identity provider for login:
- Support sign-in using SAML (web only) and OpenID Connect providers not natively supported by Firebase.
- Multi-Factor Authentication:
- Only support SMS for two-step verification.
- Custom templates
- Custom email templates for Email address verification, Password reset, Email address change, Multi-factor enrollment notification.
- Custom SMS templates for SMS verification.
- Advanced settings
- User account linking: Choose “Link accounts that user the same email” or “Create multiple accounts for each identity provider”.
- User actions: Enable or disable user creating account, deleting account, email enumeration protection.
- Sign-up quota: Limit the number of new Email/Password and Anonymous accounts that application can create in a day from a single IP address.
- Password policy: Adjust password complexity requirements for users login with email and password.
- Authorized domains: Whitelist the domains that the Firebase Authentication servers can redirect to after signing in a user.
- SMS region policy: Limit the use of SMS to specific regions.
- Blocking functions: Run custom code that modifies the result of a user registering or signing in to your app.
- User activity and audit logging
- Monitor and log administrative access and end-user activity.
- Cross-platform integration
- Offers SDKs and UI libraries for iOS+, Android, Flutter, Web, C++, and Unity, ensuring a consistent authentication experience across devices.
- User management
- Add / disable / delete users and reset password for users in Firebase console.
How does Firebase Authentication pricing work?
Firebase Authentication offers two plans: the Spark Plan (Free) and the Blaze Plan (Pay-as-you-go). You can use it independently of other Firebase services, but understanding its pricing structure is crucial to avoid hidden costs.
Key differences between plans
| Features | Spark Plan (Free) | Blaze Plan (Pay-as-you-go) |
|---|---|---|
| MAU limit | 50k | Unlimited |
| DAU limit | 3k | Unlimited |
| Email password | ✅ | ✅ (Tier 1) |
| Email passwordless via email link | ✅ | ✅ (Tier 1) |
| Social login with prebuilt providers | ✅ | ✅ (Tier 1) |
| Anonymous auth | ✅ | ✅ (Tier 1) |
| Custom OIDC providers | ❌ | ✅ (Tier 2) |
| Custom SAML providers | ❌ | ✅ (Tier 2) |
| Phone passwordless via SMS code | ❌ | ✅ (SMS sent cost) |
| Multi-Factor Authentication (SMS) | ❌ | ✅ (SMS sent cost) |
| Custom email/SMS templates | ✅ | ✅ |
| User account linking | ✅ | ✅ |
| User action | ✅ | ✅ |
| Blocking functions | ❌ | ✅ |
| User activity logging | ❌ | ✅ |
| Sign-up quota | ✅ | ✅ |
| Password policy | ✅ | ✅ |
| SMS region policy | ❌ | ✅ |
| Manage users | ✅ | ✅ |
| Multi-tenancy (Managed in Google Cloud) | ❌ | ✅ |
| Enterprise / SLA support | ❌ | ✅ |
Pricing Breakdown
| Spark Plan (Free) | Blaze Plan (Pay-as-you-go) | |
|---|---|---|
| Tier 1 (Email, Phone, Anonymous, Prebuilt Social) | Quota limits: Up to 50k MAU, 3k DAU, 100 million anonymous/month | MAU → Pricing: $0/MAU(0 - 50k), $0.0055 (50k - 100k), $0.0046 (100k - 1m), $0.0032 (1m - 10m), $0.0025 (10m+) |
| Tier 2 (OIDC, SAML) | Up to 2 DAU, 50 MAU | MAU → Pricing: $0 (0-49), $0.015 (50+) |
| Tier for SMS sent | ❌ | $0.01- $0.34/SMS sent, based on the region |
Here are examples from Firebase
| Authentication Type | Consumer App | Enterprise SaaS | Hybrid Service |
|---|---|---|---|
| Anonymous users | 5,000 | 0 | 1,000 |
| Email users with or without password | 70,000 | 45,000 | 60,000 |
| Social users from Google, Facebook, etc. | 150,000 | 0 | 70,000 |
| Sub-total | 225,000 MAU; 50,000 * 0 = $0; 50,000 * 0.0055 = $275; 125,000 * 0.0046 = $575; Sub-total: $850 | 45,000 MAU; 45,000 * 0 = $0; Sub-total: $0 | 131,000 MAU; 50,000 * 0 = $0; 50,000 * 0.0055 = $275; 31,000 * 0.0046 = $143; Sub-total: $418 |
| SMS cost | 1,300 to Region US ($0.01 per SMS) | 0 | 1,300 to Region CA ($0.01 per SMS) |
| Sub-total | 1,300 SMS sent; 300 * Free = $0; 1,000 * 0.01 = $10; Sub-total: $10 | $0 | 2,300 SMS sent; 300 * Free = $0; 2,000 * 0.01 = $20; Sub-total: $20 |
| Federated SAML users | 0 | 2,000 | 1,000 |
| Federated OIDC users | 0 | 75,000 | 9,000 |
| Sub-total | $0 | 77,000 MAU; 50 * 0 = $0; 76,950 * 0.015 = $1154; Sub-total: $1154 | 10,000 MAU; 50 * 0 = $0; 9,950 * 0.015 = $149; Sub-total: $149 |
| Total cost (monthly) | $860 | $1154 | $587 |
FAQs
- How does Firebase calculate MAUs?
A Monthly Active User (MAU) is any user who authenticates in a 30-day period. Anonymous users and social/email logins all count toward MAU limits. If a user logs in multiple times, they’re still counted as one MAU. Inactive users do not count toward MAU limits. - What are the hidden costs of Firebase Authentication?
- SMS fees (0.01–0.01–0.34 per message).
- SAML/OIDC costs ($0.015/MAU after 50 users).
- Scaling beyond 50k MAU increases Tier 1 pricing.
- Is Firebase Authentication suitable for enterprise use?
While it supports basic authentication, Firebase lacks advanced enterprise features like RBAC, organization management, and flexible MFA options. Consider alternatives like Logto.
Summary
- Spark Plan: Free for up to 50k MAU and 3k DAU, ideal for testing or small-scale projects.
- Blaze Plan: Pay-as-you-go with unlimited scaling, but costs can escalate quickly for B2C apps with high MAUs or SMS usage. Custom OIDC/SAML providers are expensive ($0.015/MAU).
When to use Firebase Authentication and its pros and cons?
Pros of Firebase Authentication
- Quick integration:
- Pre-built SDKs and UI libraries for iOS, Android, Web, and more reduce development time.
- Supports popular methods (email, social logins, phone) out of the box.
- Google-grade security:
- Built on Google’s infrastructure with TLS encryption and compliance certifications (GDPR, HIPAA).
- Scalable & cost-effective for small apps:
- Free tier (50k MAUs) suits startups and MVPs.
Cons of Firebase Authentication
- Limited enterprise features:
- No built-in RBAC, organization management, or advanced MFA (e.g., TOTP, biometrics).
- Enterprise SSO (SAML/OIDC) requires the Blaze Plan and costs $0.015/MAU.
- Unpredictable pricing at scale:
- SMS fees (0.01–0.01–0.34 per message) and SAML/OIDC costs add up quickly.
- No flat-rate pricing—costs scale directly with MAUs.
- Partial IAM coverage:
- Lacks native authorization, audit logs, or consent management, forcing reliance on third-party tools. And tight coupling with Google’s ecosystem makes migration to other platforms complex.
When to use Firebase Authentication?
- Early-Stage Apps: Ideal for prototypes or MVPs needing fast, free authentication.
- Google-Centric Workflows: Fits seamlessly if you already use Firebase/Firestore or Google Cloud.
- Low-Complexity Needs: Suitable for apps without enterprise SSO, granular permissions, or advanced security requirements.
When to look for alternatives?
- Enterprise Requirements: If you need RBAC, audit logs, or SAML/OIDC at scale (e.g., Logto offers these at flat rates).
- Budget Predictability: Avoid SMS/MAU-based costs for high-traffic apps.
- Advanced Security: Opt for tools with phishing-resistant MFA (WebAuthn) or passwordless magic links.
Firebase Authentication alternatives
Ory is an open-source authentication product but comes with high costs and an open-core model. For 10,000 users, pricing ranges from $1,249 to $1,595 per month, which can be a significant challenge for developers.
Clerk focuses on Next.js but lacks SDKs and examples for other languages. It doesn’t strictly follow OIDC standards, which can lead to integration issues and challenges in being enterprise-ready. It’s also closed-source and expensive. The cap is 10,000 MAUs, but it charges $100 for MFA and $1 per active organization beyond the 100-organization limit.
WorkOS specializes in Enterprise SSO, charging $125 per month per SAML connection. If your business doesn’t require scalable enterprise SSO, WorkOS could be a viable option.
Stytch scales costs quickly. It caps at 10,000 MAUs, but once you grow to 12,000, the cost jumps to $400, and at 15,000 MAU, it’s $1,000. This even doesn’t include the additional $99 branding removal fee, which adds to your monthly total.
Logto is a developer-first, open-source authentication platform (9k+ GitHub stars) designed to eliminate vendor lock-in while delivering enterprise-grade security. Its free tier includes role-based access control (RBAC), custom domains, and support for 50k monthly active users (MAUs)—ideal for startups and scaling apps. With SDKs for 30+ frameworks (React, Next.js, Python, etc.) and strict adherence to OIDC, OAuth 2.0, and SAML standards, Logto simplifies integration while ensuring compliance. It matches Auth0’s core features—MFA, enterprise SSO, and organization management—but at a fraction of the cost.
Logto’s Pro Plan ($16/month) offers unlimited MAUs and critical enterprise features Auth0 reserves for its top-tier plans, like back-channel logout and machine-to-machine organization access. Pricing is transparent and predictable:
- MFA: $48/month (TOTP, WebAuthn, Backup codes)
- Organizations (Multi-tenancy): $48/month (unlimited)
- Enterprise SSO: 48/connection(vs.WorkOS’48/connection(vs.WorkOS’125+)
For context, a SaaS app with 10k users, multi-tenancy, MFA, and 2 SAML SSO connectors, would pay for $208 per month.