Single sign-on for every application

One login.
Every app.
Zero friction.

AuthLayer is a multi-tenant identity provider built on OAuth2 and OpenID Connect. Add "Sign in with AuthLayer" to any application in minutes — manage your organisation's users, apps, and permissions from one dashboard.

Free for development · Standards-based OAuth2 + OIDC · Your users, your data

  • OAuth2 Authorization Code flow with PKCE
  • OpenID Connect with standard claims
  • Token introspection for resource servers
  • JWKS endpoint for stateless JWT verification
  • Multi-tenant: every organisation is its own directory
  • Role-based access with granular permissions
  • MFA-ready user accounts

Everything you need to authenticate. Nothing you don't.

Standards-based SSO that works with any application — web, mobile, or API. Set up in minutes, not months.

Authorization Code Flow

Standard OAuth2 for web applications, with PKCE support for public clients. Secure redirect-based authentication.

Client Credentials

Service-to-service authentication without user interaction. Ideal for backend integrations and microservices.

OpenID Connect

ID tokens with standard claims — sub, email, name, and more. Full OIDC Discovery and UserInfo endpoints.

Token Introspection

Resource servers can verify tokens in real-time without shared secrets. RFC 7662 compliant.

Developer Dashboard

Register applications, manage client secrets, configure redirect URIs — all from a clean, intuitive portal.

Multi-Tenant Directories

Every organisation is its own isolated directory. Manage users, roles, and applications per tenant — like Active Directory in the cloud.

Scoped Permissions

Fine-grained OAuth scopes control what each application can access. Members, developers, and administrators get different capabilities.

JWKS Endpoint

Publish your public keys at a well-known endpoint. Resource servers verify JWTs without calling back to AuthLayer.

Built for the Layer Family

Native integration with SupportLayer and ProjectLayer. One identity across all your tools — or use it standalone with any app.

Up and running in three steps

1

Register your application

Create an organisation, then register your app in the developer dashboard. You'll get a client_id and client_secret instantly.

2

Redirect users to AuthLayer

Send users to the /oauth/authorize endpoint. They sign in once and approve your app. AuthLayer handles the rest.

3

Exchange the code for tokens

Your backend calls /oauth/token with the authorization code. You get an access token and an optional ID token with user claims.

$0.01 per active user — first 25K free

Simple pricing. No surprises.

One rate. No tiers. No per-connection fees. Calculate your bill in your head, not a spreadsheet.

vs Clerk 50% less
vs AWS Cognito 33% less
vs Auth0 89% less
Free
$0 /month

For side projects and validation. No credit card required.

Get started free
  • 25,000 monthly active users
  • All auth methods — social, email, passkeys
  • Multi-factor authentication
  • OAuth2 + OpenID Connect
  • Community support
  • 3 team seats
Enterprise
Custom

For teams that need compliance, SLAs, and dedicated support.

Talk to sales
  • Volume discounts from $0.006/MAU
  • Advanced SSO & federation
  • SCIM provisioning
  • SOC 2 Type II & HIPAA BAA
  • 99.99% uptime SLA
  • Dedicated account manager
  • Custom contracts & invoicing

Security you can trust

Strong password hashing

Passwords hashed with bcrypt/argon2 — industry-standard adaptive hashing that resists brute force.

HTTPS everywhere

All endpoints enforce HTTPS. Tokens are never transmitted in the clear.

Short-lived tokens

Access tokens expire in one hour. Refresh tokens rotate on every use. Compromised tokens have a short blast radius.

PKCE for public clients

Proof Key for Code Exchange prevents authorization code interception on mobile and SPA applications.

Rate limiting

Login, registration, and token endpoints are rate-limited to prevent credential stuffing and abuse.

Per-org MFA policy

Organisation administrators can require multi-factor authentication for all members. Optional by default, mandatory when you need it.

Frequently asked questions

What is AuthLayer?

AuthLayer is a multi-tenant OAuth2 and OpenID Connect identity provider. It lets organisations manage users and register applications for single sign-on — similar to Azure AD or Auth0, but built for the Layer ecosystem.

How do I integrate my application?

Register your app in the AuthLayer dashboard to get a client_id and client_secret. Then implement the standard OAuth2 Authorization Code flow — any OAuth2 library in any language will work.

Is AuthLayer free?

Yes. The free plan includes up to 5 user seats per organisation and unlimited OAuth applications. The Pro plan adds more seats and advanced features.

What standards does AuthLayer support?

OAuth 2.0 (RFC 6749), OpenID Connect Core, PKCE (RFC 7636), Token Introspection (RFC 7662), and JSON Web Key Sets (RFC 7517).

Can I use AuthLayer with non-Layer applications?

Absolutely. AuthLayer is a standards-based SSO provider. Any application that supports OAuth2 or OpenID Connect can use it — regardless of language, framework, or platform.

How does multi-tenancy work?

Each organisation is a separate tenant with its own user directory, roles, and OAuth applications. Users can belong to multiple organisations and switch between them.