English
  • Logto OSS
  • Logto Cloud

Auth provider: Logto OSS vs. Logto Cloud

Looking for an auth provider? Logto lets you choose between a managed SaaS (SOC2/HIPAA compliant, instant scaling) or a self-hosted open-source solution. Free trial & easy migration.

Ran
Ran
Product & Design

Stop wasting weeks on user auth
Launch secure apps faster with Logto. Integrate user auth in minutes, and focus on your core product.
Get started
Product screenshot

Here’s an overview of Logto’s two deployment options—open‑source (OSS) and managed cloud—so you can decide which best fits your project’s needs. We’ll cover what each offering is, compare their features, and guide you on choosing the right one for your team.

What is Logto?

Logto is a modern authentication and user identity platform designed to simplify authentication, authorization, and user management for developers. Whether you’re building a SaaS app, an internal tool, a customer-facing platform, or an AI agent, Logto handles the heavy lifting of secure sign-ins, step-up verification, account settings, fine-grained access control, user and organization management, and compliance, so you can focus on your core product.

With Logto, you can get:

  • Beautiful and out-of-the-box authentication flows (e.g., passwordless sign-in) with full customization.
  • Full support for OpenID Connect, OAuth 2.1, and SAML without protocol pain.
  • Flexible integration with 30+ popular frameworks, APIs, M2M, CLI tools, third-party services and identity providers.
  • Enterprise-grade security with MFA, SSO, CAPTCHA, RBAC, multi-tenancy isolation, and audit logs.
  • Works out-of-the-box for Model Context Protocol and agent-based AI architectures.

But how do you decide between Logto OSS (open-source) and Logto Cloud (managed service)? Let’s break it down.

What is Logto OSS?

Logto OSS (github.com/logto-io) is the open-source edition of Logto, available for free on GitHub. It’s designed for independent developers and teams who prioritize control, customization, and data ownership.

With Logto OSS, you:

  • Self-hosted: Deploy on your infrastructure (AWS, Kubernetes, etc.).
  • Full customization: Modify the codebase to fit unique workflows.
  • Data ownership: Keep user data entirely within your environment.

Logto OSS supports most core capabilities of the Logto service and is regularly updated and maintained.

However, some advanced features are currently exclusive to the Logto Cloud, including:

Ideal for:

  • Organizations with strict data residency needs.
  • Teams with DevOps resources to manage hosting and maintenance.
  • Developers needing deep customization of authentication flows.

What is Logto Cloud?

Logto Cloud (cloud.logto.io) is the fully managed SaaS solution, offering enterprise-grade features, global scalability, and turnkey compliance. Launch production-ready auth in minutes.

With Logto Cloud, you:

  • Zero infrastructure work: Instant deployment with automatic updates.
  • Enterprise compliance: SOC2, HIPAA, and BAA.
  • Global infrastructure: Data hosted in EU, US, Australia, and Japan. Contact us for more regions or private cloud.
  • Premium support: Private Slack/Discord channels, email tickets, developer onboarding, solution engineer, and SLAs.
  • Built-in cloud services:
    • 🔒 DDoS protection (Cloudflare + Azure Firewall).
    • 📧 Free email delivery (SendGrid).
    • 🚀 Non-SDK app integration via Logto Protected App (Cloudflare Workers).
    • 🔑 Custom token claims (Azure/Cloudflare).
  • Team & Tenant Management:
    • Full-featured free development tenant for testing.
    • Multi-tenant console with RBAC and member invitations.
    • Passwordless sign-in and MFA for console access.
  • Transparent Pricing:
    • Free plan: 50,000 MAU, basic auth, passwordless, user management.
    • Pro plan: $16/month + usage-based pricing for MFA, enterprise SSO, and advanced security.
    • Enterprise plan: Custom data residency, compliance reports, feature request, and premium SLAs.

Ideal for:

  • Startups, SMBs, Enterprises prioritizing speed and simplicity.
  • Teams without dedicated DevOps or security experts.
  • Projects requiring enterprise compliance and rapid scaling.

Which one should you choose?

The choice between Cloud and OSS depends on your needs:

  1. Choose Logto Cloud if…
    • You want to launch fast with zero maintenance.
    • You prefer predictable costs and hands-off scaling.
    • Compliance and security updates are a priority (Logto handles them).
  2. Choose Logto OSS if…
    • You need complete control over data and infrastructure.
    • Your team has the expertise to manage self-hosted solutions.
    • Free to use (only pay for your own infrastructure).

Logto Cloud and Logto OSS share the same codebase, offering transparency and security through open source. We're committed to keeping both aligned, so you can always be confident that Logto provides a solid foundation. This also means you can easily switch between Cloud and OSS if your needs change.

Quickstart tips:

  • 🔥 We recommend trying Logto Cloud's Development tenant first. It's totally free, no credit card needed, and fully featured for a quick demo of Logto.
  • 🔥 Logto supports migration (including user schema and password hashing) from other providers (e.g., Auth0, AWS, FirebaseAuth) or existing Logto Cloud/OSS services. Check out our User migration for details.
  • 🔥 Need help migrating between Logto OSS and Cloud? Welcome to contact us. Many of our clients have successfully made the switch.