Skip to main content
Mail, Security, and Support are liveLaunch notes

Own Your Auth.Own Your Security.

Secure identity. Protect every API.

Self-hosted identity and API gateway controls for teams that need secure sessions, tenant-aware routing, and server-side key handling — without trusting the browser with secrets.

Start building freeRead the docs
HIPAA ReadySOC2 PostureHttpOnly CookiesCSRF ProtectedOffline FriendlyAudit Ready
Self-hosted
Multi-tenant
White-label
Zero-trust
Edge-ready
API gateway
SSO / SAML
Security architecturePublic-safe overview — no secrets, no internal runbooks.

Public surfaces

Landing pages, docs, and support intake stay fast, branded, and safe for internet-facing visitors.

Authenticated control plane

Tenant-specific setup, operational flows, and sensitive examples live behind the main dashboard.

Gateway enforcement

Services sit behind centralized identity, policy, audit, and abuse controls instead of duplicating auth logic.

HttpOnly
CSRF-aware
Tenant scoped
Audit logged
Rate limited
GeoIP ready

Self-hosted

Deployment

Run in your controlled environment

HttpOnly

Sessions

Opaque cookies, memory-only UI state

Tenant-aware

Access

Context without trusting the browser

Audit-ready

Operations

Structured events for security review

Capabilities

Everything you need to manage APIs

From authentication to request governance, AuthDeep gives operators one controlled place to secure API access without leaking service secrets.

Zero-Trust Frontend

No service keys in browser code. Opaque cookie sessions keep auth material outside JavaScript.

Available from: Free

Zero-Trust Frontend helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Zero-Trust Frontend can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

Server-Side Key Injection

Service credentials stay server-side at the gateway boundary. Frontend code never receives them.

Available from: Free

Server-Side Key Injection helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Server-Side Key Injection can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

Enterprise SSO & Directory Sync

SAML 2.0, OIDC, LDAP / Active Directory sign-in plus SCIM provisioning from Entra ID, Keycloak, and other directories.

Available from: Starter

Enterprise SSO & Directory Sync helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Enterprise SSO & Directory Sync can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

Passwordless & MFA

Magic links, WebAuthn passkeys, TOTP, and email OTP — with per-tenant MFA enforcement policies.

Available from: Starter

Passwordless & MFA helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Passwordless & MFA can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

OAuth2 Authorization Server

Issue and manage OAuth2 / OIDC tokens for your own applications — AuthDeep acts as your identity provider.

Available from: Growth

OAuth2 Authorization Server helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

OAuth2 Authorization Server can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

New

AuthDeep Mail

Self-hosted webmail, transactional email, calendar, and contacts — identity and email under one roof.

Available from: Growth

AuthDeep Mail helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

AuthDeep Mail can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

Rate Limiting

Protect APIs with per-user and per-endpoint limits configured in the gateway.

Available from: Free

Rate Limiting helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Rate Limiting can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

Real-time Analytics

Review request volume, errors, and latency trends from gateway telemetry.

Available from: Growth

Real-time Analytics helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Real-time Analytics can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

Multi-service Routing

Route requests to multiple registered services through one policy-aware gateway.

Available from: Free

Multi-service Routing helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Multi-service Routing can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

Permission-Based Access

Define access by tenant, role, method, and path without exposing private service credentials.

Available from: Free

Permission-Based Access helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Permission-Based Access can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

Audit & Compliance

Every auth event and admin action recorded — exportable audit logs with retention up to 90 days for compliance reviews.

Available from: Free

Audit & Compliance helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Audit & Compliance can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

IP & GeoIP Controls

Allowlist or block by IP range and country to restrict where your tenants can sign in from.

Available from: Starter

IP & GeoIP Controls helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

IP & GeoIP Controls can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

New

Security Intelligence

Built-in SSL/TLS scanner, HTTP security headers analyser, and DNSSEC chain validator — grade your infrastructure A+ to F from the dashboard.

Available from: Free

Security Intelligence helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Security Intelligence can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

New

Support Portal

Tenant-isolated helpdesk with ticket management, knowledge base, AI-powered auto-response, and a public status page. Embed a chat widget on any site.

Available from: Growth

Support Portal helps enterprise teams centralize control, reduce duplicated security logic, and produce auditable operating evidence.

Support Portal can support ministries and public institutions that require controlled deployment, tenant separation, formal access policy, and traceable administration.

Dashboard

Operator-grade visibility without browser secrets

Inspect service routes, request activity, and access controls from a console designed for secure operations.

dashboard preview
Live
12%

Live

Request stream

3ms

Trend

Latency view

Policy

Rules

Access checks

2

Multi

Service routes

Connected Services

users-api
2.4M8ms
payments-api
890K12ms
search-api
1.2M6ms

Recent Requests

GET/api/users
2008ms
POST/api/payments
20145ms
GET/api/search
20012ms
PUT/api/users/123
20015ms

How it works

A safer path from browser to service

Three launch steps that keep credentials server-side while operators define tenant and service boundaries.

01

Register Your Backend

Register a service endpoint, store service credentials server-side, and define tenant-aware access rules.

  • Service catalog
  • Server-side credential handling
  • Tenant-aware policy
02

Grant User Access

Define public or restricted access per method and path. Set rate limits and usage quotas per user or team.

  • Role-aware access
  • Rate limits
  • Usage quotas
03

Call from Frontend

Use credentialed browser requests while AuthDeep keeps service credentials on the server side.

  • No browser secrets
  • Central gateway enforcement
  • Clean application response

Pricing

Per-service pricing, not per-seat

Pay for what you protect. Each plan has a production-sized user and mail capacity; organizations above 300 registered users are Enterprise workloads.

AuthDeep Mail

Mail is a first-class platform, not a small add-on

Mailbox access is bundled from Free. Growth adds transactional sending, DNS health, deliverability, and policy controls; Scale and Enterprise add advanced security and analytics.

Growth

Webmail, compose, templates, transactional API, DNS dashboard, and core anti-spam controls.

Scale

Advanced analytics, security scans, quarantine, reputation, Calendar, and Contacts.

Enterprise

Unlimited and dedicated operation, air-gapped deployment, longer retention, and contractual support.

Billing options

Free Forever

$0/mo

Evaluate AuthDeep with no commitment. 2 services, full local auth stack.

2 services · 5 users · 5 mailboxes / 1 GB · 1-day audit logs

Get started free
  • 2 gateway services
  • 5 users
  • AuthDeep Mail: 5 mailboxes · 1 GB
  • Local auth (email + password)
  • MFA — TOTP & email OTP
  • Social login (OAuth2/OIDC)
  • API key management (CAK/SAK)
  • 5 API keys
  • 1-day audit log retention
  • Security Intelligence (SSL + Headers)
  • Support Portal (community queue)
  • Magic link / Passkeys
  • LDAP / SAML 2.0
  • SSO / OIDC IdP
  • Custom domain
SupportCommunity
SLANone

Starter

$39/mo

Limited offer Original price: $59/mo

Billed monthly. No annual commitment.

Small teams standardising identity. LDAP, SAML, and passkeys included.

10 services (+$4/extra) · 25 users · 25 mailboxes / 1 GB · 7-day audit logs

Start Starter
  • 10 gateway services (+$4 each)
  • 25 users
  • AuthDeep Mail: 25 mailboxes · 1 GB
  • Local auth + MFA + Social
  • Magic link (passwordless)
  • LDAP / Active Directory
  • SAML 2.0 SP
  • WebAuthn / Passkeys
  • IP allowlist/blocklist
  • 7-day audit log retention
  • Security Intelligence (SSL + Headers)
  • Support Portal (email support)
  • Directory Sync (SCIM)
  • Custom domain
  • GeoIP restrictions
SupportEmail
SLA99.5%
Most popular

Growth

$99/mo

Limited offer Original price: $119/mo

Billed monthly. No annual commitment.

Product teams protecting real workloads. Up to 2 enterprise SSO connections.

30 services (+$3/extra) · 100 users · 100 mailboxes / 5 GB · 5 tenants

Start Growth
  • 30 gateway services (+$3 each)
  • 100 users
  • Everything in Starter
  • 2 SSO / OIDC IdPs (+$25 each extra)
  • Directory Sync (SCIM, Entra, Keycloak)
  • OAuth2 Authorization Server
  • AuthDeep Mail: 100 mailboxes · 5 GB · transactional API
  • Custom domain + GeoIP restrictions
  • Webhooks, analytics & custom roles
  • Audit log export · 14-day retention
  • Security Intelligence + DNSSEC
  • Support Portal + Status Page
  • Priority support queue
  • White-label (logo, colors, CSS)
  • Advanced rate limiting
SupportPriority email
SLA99.9%

Scale

$199/mo

Limited offer Original price: $249/mo

Billed monthly. No annual commitment.

Growing businesses with multi-tenant needs, AuthDeep Mail, and scheduled Security Intelligence scans.

50 services (+$2/extra) · 300 users · 300 mailboxes / 10 GB

Start Scale
  • 50 gateway services (+$2 each)
  • 300 users
  • Everything in Growth
  • 10 SSO / OIDC IdPs (+$18 each extra)
  • Unlimited tenants
  • Support Portal + AI Auto-Response
  • White-label (logo, colors, CSS)
  • Advanced rate limiting
  • Observability (Prometheus metrics)
  • Calendar & Contacts modules
  • AuthDeep Mail: 300 mailboxes · 10 GB
  • 30-day audit log retention
  • Scheduled + bulk security scans
  • Air-gapped / offline deployment
  • Dedicated CSM · 99.99% SLA
SupportPriority
SLA99.9%

Enterprise

Custom

Unlimited services, AuthDeep Mail and Security Intelligence, self-hosting, support, and a contractual SLA.

Unlimited users · Unlimited mailboxes · Unlimited storage · 90-day audit logs

Talk to sales
  • Unlimited gateway services
  • Unlimited users
  • Everything in Scale
  • Unlimited SSO / OIDC IdPs
  • Dynamic multi-provider IdP management
  • Air-gapped / offline deployment
  • 90-day audit log retention
  • Dedicated Customer Success Manager
  • Custom SLA contract (99.99% uptime)
  • Security review & pen-test support
  • HIPAA / SOC2 deployment guidance
  • Custom SAML / OIDC integrations
  • Unlimited Security Intelligence scans
SupportDedicated CSM
SLA99.99%
Current billing: Plans are activated manually after invoice confirmation — self-service checkout is on the roadmap. Monthly, annual-prepay, and one-year monthly commitment terms are available. Contact sales →

Startup program

Eligible startups get Starter free for 6 months

Early-stage startups can apply for 6 months of Starter at no charge. Additional discounts may be approved for funded startups, accelerators, nonprofits, and public-interest projects after a manual review.

Startup discounts are not automatic, cannot be stacked with every promotion, and require a one-year commercial plan before production expansion.

Apply for startup pricing

Pricing FAQ

What counts as a service?

Each protected route or API proxy target in AuthDeep's service registry counts as one service.

What counts as an SSO / IdP connection?

Each SAML IdP or enterprise OIDC provider configured under a tenant. Social providers (Google, GitHub, etc.) do not count.

Can I upgrade mid-cycle?

Yes. Contact us and we change the plan immediately; billing is pro-rated manually.

How do annual discounts work?

Annual prepay is 30% off the current monthly offer. A one-year commitment billed monthly is 10% off the current monthly offer.

Do startups get a discount?

Eligible startups can receive Starter free for 6 months, with possible additional discounts after manual review.

What happens after a startup grant ends?

The account can renew on a paid plan, move to an approved discounted term, or roll to Free plan limits. No data is deleted.

Can I run AuthDeep without internet access?

Yes. Enterprise self-hosted licensing works offline with no call-home requirement.

How is billing handled today?

Billing is manual today: you contact us, receive an invoice, and the plan is activated on payment confirmation. Self-service checkout is on the roadmap.

Ready to secure your APIs?

Review the security model, map your tenant and service boundaries, then launch with controls that keep secrets out of browser code.

Start rollout planningRead the Docs