Authr
NewIdentity for AI agents is here

Identity infrastructure for software that cannot fail

Authr is the enterprise identity layer — single sign-on, directory sync, adaptive MFA, and fine-grained authorization. 5.2 billion authentications a month. 99.999% uptime, in the contract.

ENTERPRISE-ONLY · SOC 2 TYPE II · ISO 27001 · 99.999% SLA
Live authentication fabric
JWTJWTJWTJWTOktaSAML 2.0Microsoft EntraOIDCGoogle WorkspaceOIDCPing IdentitySAML 2.0On-prem LDAPBridgeWeb application@authr/nextjsNative mobilePKCEPublic APIM2M tokensAI agentsScoped grantsIDENTITY PROVIDERSYOUR SURFACES
sso.saml.assertion_verified12ms
sso.oidc.code_exchanged11ms
session.revoked.admin6ms

Trusted by the enterprises your enterprise trusts

MERIDIAN
halcyonhealth
northcell
Vantage
POLARIS
COPPERLINE
Ardent®
bluepeak
Ostrava
FERROSTATE
MERIDIAN
halcyonhealth
northcell
Vantage
POLARIS
COPPERLINE
Ardent®
bluepeak
Ostrava
FERROSTATE
5.2B
Authentications processed monthly
99.999%
Contractual SLA, measured monthly
38ms
Global p99 token issuance latency
1,400+
Enterprise customers
The Platform

Everything identity. Nothing improvised.

Six systems, one fabric. Each one deep enough to be a product; together, the identity layer your security review has been asking for.

The Console

Your identity program, on one pane of glass

Every organization, connection, policy, and session — observable and governable from a console your IT admins will actually enjoy.

console.authr.com/overview
Overview
meridian-bank · all environments
Authentications · 24h
182,449,301
+4.2%
Success rate
99.987%
+0.003
Active sessions
38.1M
+1.1%
Passkey coverage
78.4%
+0.8%
Authentication volume
UTC
OrganizationConnectionUsersStatus
Meridian BankOkta · SAML84,120healthy
Halcyon HealthEntra ID · OIDC51,882healthy
NorthcellPing · SAML112,406healthy
CopperlineGoogle · OIDC23,551syncing
Ardent FinancialOn-prem LDAP9,014healthy
For Engineers

A decade of identity edge cases, behind one clean API

SDKs for every stack your teams run, tokens signed with EdDSA and rotated without downtime, JWKS cached at 34 edge regions. The standards, implemented the way the RFC authors intended.

  • OIDC-certified endpoints, PKCE enforced by default
  • First-class SDKs: TypeScript, Python, Go, Java, Ruby, .NET
  • Zero-downtime signing key rotation, automated quarterly
  • Drop-in components or headless — your UI, your rules
Read the platform overview →
1import { withAuthr } from '@authr/nextjs';
2 
3// Session, org, and roles — verified at the edge
4export default withAuthr(async ({ session }) => {
5 const { user, org } = session;
6 
7 if (await session.can('reports:export')) {
8 return exportReports(org.id);
9 }
10});
Security Posture

Built by people who assume they're being attacked

Identity infrastructure is the highest-value target on the internet. We operate accordingly — and publish how.

Encryption without exceptions

AES-256-GCM at rest, TLS 1.3 in transit, EdDSA-signed tokens. Keys live in HSMs and rotate on a zero-downtime schedule.

Adversarial by default

Continuous red-team engagements, quarterly third-party penetration tests, and a public bug bounty with a 24-hour triage SLA.

Blast-radius engineering

Cell-based isolation per customer tier. A failure in one cell cannot reach another — by architecture, not by policy.

Humans removed from the loop

Production access is just-in-time, peer-approved, hardware-key gated, and recorded. Standing credentials don't exist here.

Read the full security overview →
Uptime · trailing 12 months
99.9994%
Bounty paid to date
$2.4M
SOC 2
Type II, audited annually since 2023
ISO 27001
Certified, incl. 27017 & 27018
HIPAA
BAA available on all enterprise plans
PCI DSS
Level 1 Service Provider
FedRAMP
Moderate — In Process (2026)
GDPR
EU data residency, SCCs, DPA
Global Fabric

Closer to your users than their own data center

Token issuance, session checks, and policy decisions run in 34 edge regions. Your users authenticate against the metal nearest to them — not a region on the other side of an ocean.

North America26ms
11 regions · p99 issuance
Europe24ms
9 regions · p99 issuance
Asia Pacific33ms
8 regions · p99 issuance
South America41ms
3 regions · p99 issuance
Middle East38ms
2 regions · p99 issuance
Africa47ms
1 region · p99 issuance
We migrated 84,000 employees and 130 federated partners off a homegrown SSO stack in eleven weeks. Auth incidents since: zero. Our board asked why we didn't do it years ago.
RA
Rebecca Alvarez
Chief Information Security Officer, Meridian Bank
Read the Meridian case study
From the Journal

Notes from the people holding the keys

All writing →

Your security review will ask about identity. Have the good answer.

Talk to an identity architect about your stack, your compliance surface, and your migration path. Technical from the first call.

Enterprise only · No self-serve tier · Typical procurement to production: 6 weeks