Customized Support is coming! Participate in the Ory Open Source Support Survey for Self-Hosted Users

If you're looking for a secure and reliable way to manage user authentication, permissions, and more, you may have heard of Ory. Did you know that there are two ways to use Ory?

In this article, we'll explore the differences between Ory Network and self-hosting Ory Open Source, and help you decide which option is right for you.

Ory Network and Ory self-hosted

Before we dive into the differences, let's take a quick look at what the Ory Network and self-hosting Ory open source means.

Ory Network is a global infrastructure that uses Ory Open Source to deliver various services and APIs such as login, permissions, OAuth2, and more. Ory Network spans several global regions to deliver a fast service anywhere in the world. Use Ory Network to take advantage of the power of open source and all the features and benefits built on top by the Ory team, as well as continuous updates, support, and security.

Self-hosting Ory means to use the foundational building blocks of the Ory Network, the (Ory Kratos Identity Server, the Ory Hydra OAuth2 Server, and the Ory Keto Permission Server) and build authentication and authorization systems yourself. Self-hosting Ory Open Source is a great way to explore and experiment with security software, learn more about open source software development, and participate in the building the new login.

Feature differences

When deciding between the Ory Network and self-hosting, it's essential to know what features are available in each option. The following table summarizes the feature differences:

FeatureOry NetworkSelf-Hosting
Security & compliance
GDPR-compliant data storage⚠️
SOC2 T2 & ISO 27k certification⚠️
Automatically OpenID certified
PII region storage selection⚠️
Intelligent PII data homing
Brute force & DoS protection⚠️
Suspicious IP throttling⚠️
Breached password detection
OAuth2 Verifiable Credentials
OAuth2 Resource Owner Password Grant
Services and APIs
Identity and user management APIs
Low latency edge authentication
Permission APIs
Passwordless login
SMS verification and MFA⚠️
Password login
Social sign in
Machine-to-machine auth
Multi-factor authentication
OAuth2 and OIDC APIs
Search API
Organizations & B2B SSO
One-click SAML SSO⚠️
User management
Custom profile fields
Account linking
(Bulk) user import
User interfaces
Administrative user interface
Configuration management interface
No-code self-service pages
Themeable self-service pages
User activity insights
Live analytics and insights
Analytics and events UI
Integration and SDKs
Ory CLI tools
Backwards compatibility guarantee
SDKs for popular programming languages
Operations and deployment
Multi-regional deployments
Zero-downtime upgrades and migrations
Configuration management via API
Configuration management via files
Log access🔭
Organization and multi-tenancy
Multitenancy (prod, staging, dev)⚠️
Team management
Organization management
Customer-facing multi-tenancy
Support & Maintenance
Community support
Automatic updates to the latest version⚠️
Zero-downtime migrations⚠️
24/7 on-call incident support⚠️
Private ticketing system
Concierge migration support


  • ⚠️: your responsibility
  • ✅: solved
  • ❌: not available
  • 🔭: planned

When it comes to choosing between Ory Network and self-hosting Ory, there are several key differences to consider. Ory Network offers a range of features that are not available in the open source stack, including compliance and certifications, user-friendly interfaces, and advanced analytics and insights systems. These features are specifically designed for the Ory Network infrastructure, making it a comprehensive and convenient solution for businesses looking to implement a fully featured IAM (Identity and Access Management) and auth system.

On the other hand, the open source stack provided by Ory offers the powerful and efficient APIs that form the backbone of Ory Network. However, running an auth system in production requires more than just APIs - it also requires a deep understanding of security requirements and solid infrastructure to ensure a professional and scalable solution. This is where Ory Network shines, providing businesses with a complete IAM and auth stack that is based on open source technology, yet offers the added benefits of compliance, user interfaces, and advanced analytics. By choosing Ory Network, companies can enjoy the best of both worlds - the flexibility, openness, and customizability of open source technology, combined with the convenience and professional features of a fully managed solution.


Ory only offers support services for self-hosted instances of its software in rare cases.

Here's why:

  • Incident response: When self-hosting, Ory's incident response team has no access to the companies infrastructure. The time it takes to resolve incidents thus increases significantly if Ory Engineers need to be involved. What could be solved in minutes on Ory Network, has to go through several communication channels, back and forth when Ory is self-hosted on the companies infrastructure.
  • Release process: Ory Network releases new features and updates on a daily basis, while open source releases are quarterly. This allows Ory to maintain the highest standards of security, reliability, and performance. With self-hosting, companies have to manage upgrades, which can be time-consuming and can lead to running in production on outdated versions, which can lead to performance issues and potentially even security vulnerabilities.
  • Upgrade fatigue: Based on open source telemetry data, less than 10% of all Ory open source deployments run on a recent and supported version, while 90% of deployments run on outdated versions that may have known vulnerabilities such as patched Golang CVEs. This puts businesses and their customers at risk of security breaches and performance issues. Ory Network eliminates upgrade fatigue by providing automatic upgrades and ensuring that all deployments are running on the latest and most secure version of Ory open source.
  • Expertise: Ory engineers are experts when it comes to running Ory software. They have the experience and knowledge to manage and troubleshoot issues quickly and efficiently. With self-hosting, companies have to train staff and build up expertise in-house or hire additional third parties to manage the software.

Save time using Ory Network

When you use Ory Network, you save a significant amount of time that would otherwise be spent on setting up infrastructure, maintaining it, and upgrading the software yourself. The following estimates are based on what we have observed since Ory was founded in 2015. Note that an exact time estimate heavily depends on the details of your use case.

Get more done

Self-hosting takes longer than using Ory Network for several reasons:

  1. Initial setup: Setting up infrastructure and configuring it for production use can be time-consuming, especially if you're not familiar with the tools and technologies involved.
  2. Maintenance and monitoring: Once the solution is up and running, monitor it 24/7 to ensure that it is performing as expected and to deal with any issues that may arise. This can be a significant ongoing time commitment. On Ory Network you can rest assured knowing that our team of experienced engineers is handling maintenance and monitoring for you, freeing up your time to focus on other important tasks.
  3. Upgrades: Upgrades can be time-consuming, especially if there are breaking changes that require you to update your configuration and code. This is particularly true if you are running on an older version of the software and need to catch up with several releases at once. On Ory Network automatic updates have you running on the latest versions always.
  4. UI and API development: If you need to develop user interfaces or integrate with the software's APIs, this can add significant development time to your project.
  5. Migration: Migrating a live auth system can be a complex process. On Ory Network you can instead rely on an experienced team of engineers that get you up and running in concierge onboarding sessions.

Estimated time savings

The following table shows estimated time savings when using the Ory Network compared to setting up and maintaining the software yourself:

Self-hostingOry Network
Set-UpContinuous effortSet upContinuous effort
Monitoring and alerting1-14 days365 days / yearAvailableNone
Disaster recovery1-8 hours1 week / yearOut of the boxNone
Configuration management and continuous deployment1-5 daysNot applicableOut of the box in Ory ConsoleNot applicable
Software upgrades0h2-4 weeks / yearNot neededNone
User-facing UIs1-4 weeks2 weeks / yearOut of the boxNone
Administrative UIs2-4 weeks2 weeks / yearOut of the boxNone
Admin API access control1-2 days1 day / yearOut of the boxNone
New site/service~1-2 daysNone~1-10 hoursNone
Migration site/service to Ory~2-4 weeksNone~1-2 weeksNone

Cost Savings when Using the Ory Network

Choosing Ory Network over self-hosting can also result in significant cost savings. When you self-host, you're responsible for infrastructure costs such as EC2 instances and Postgres AuroraDB, as well as ongoing expenses like continuous monitoring, alerting, and traffic costs. With Ory Network, these costs are already included in our subscription plans. This means that you can focus on building your product without worrying about the hidden costs of infrastructure and maintenance.

While these numbers are rough estimates and heavily dependent on the use case and cost optimization, choosing Ory Network can help you save both time and money compared to self-hosting.

1-1,000 Daily Active Users/Machines

For a site with less than 1,000 active users/machines (regardless of what Ory service you use), two virtual machines for failover, each with 2 vCPUs and 4GB of RAM to run up to three Ory services, and one small sized PostgreSQL instance with 100GB would be needed.

According to the AWS price calculator, this sums up to about $2,080.76 per year.

On the other hand, with the Ory Network Production Plan, these resources are included, along with development/staging projects, continuous monitoring, alerting, traffic, and metrics for only $770 per year.

Self-hostingProduction Plan
Compute2x AWS EC2 2vCPU, 4GB RAM, 50GB SSD$918.72 / year$0 / year
Database1x AWS RDS Postgres 2vCPU, 4GB RAM, 100GB SDD$879.96 / year$0 / year
API GatewayAWS API Gateway$44.52 / year$0 / year
Load BalancerAWS Load Balancer$237.48 / year$0 / year
OperationsMonitoring, logs, alerting (e.g. Datadog)Depends on solution$0 / year
Total> $2,080.76 / year$770 / year
Cost savings> 40%

1,000-20,000 Daily Active Users/Machines

For a site or application with 1,000 to 20,000 daily active (machine) users, self-hosting Ory open source becomes more expensive. Self-hosting at this scale requires more virtual machines for failover and a larger database instance, resulting in higher costs. With the Ory Growth Plan, you get a cost-effective solution that is easier to set up, manage, and scale.

According to the AWS price calculator, this sums up to about $14,167.78 per year.

For businesses with 1,000-20,000 daily active users/machines, we recommend the Ory Growth Plan for $9350 per year as the cheaper and better option. This plan includes everything in the Essentials Plan, plus additional features such as enterprise-grade support, a dedicated account manager, and priority bug fixes.

Self-hostingGrowth Plan
Compute4x AWS EC2 4vCPU, 8GB RAM, 50GB SSD$4,695.48 / year$0 / year
Database2x AWS RDS Postgres 4vCPU, 16GB RAM, 500GB SDD$8,780.76 / year$0 / year
TrafficIn- and egress$445.44 / year$0 / year
OperationsMonitoring, logs, alerting (e.g. Datadog)$246.12 / year$0 / year
Total$14,167.78 / year$9350 / year
Cost savings> 65%

Over 100,000 Daily Active Users/Machines

When dealing with a website or application that has over 100,000 daily active users, self-hosting becomes even more complicated and expensive. Here are some reasons why:

  1. The cost of compute and self-hosting explodes further because you need one highly available deployment (at least 4 nodes) in every region. This means that you will need a lot more virtual machines to run your application.
  2. You need a multi-region capable database. A multi-region capable database such as Spanner is needed to ensure that data is consistent and available in every region.
  3. Multi-region setup is only available in the Ory Network due to the software and architecture complexity and reliance on third-party service providers such as Cloudflare and CockroachDB.
  4. We recommend reaching out to us directly. We are committed to finding a solution that fits your needs - both on the technology and the commercial side. Ory Network platform provides you with the resources and support you need to handle a large user base.

How Ory achieves these savings

Ory Network achieves cost savings through several factors, including economies of scale, efficient multi-tenancy, and optimized design. By serving a large number of customers, we're able to spread infrastructure costs across many users, resulting in lower expenses for everyone. Our custom code also allows us to run multiple tenants on shared resources more efficiently, further reducing costs.

In contrast, self-hosting can be expensive and time-consuming. When businesses self-host, they need to purchase or rent their hardware and set up infrastructure, which can be a significant upfront investment. They also need to manage the infrastructure themselves, including updates, security, and maintenance. This requires an experienced team and/or other third party services. These ongoing costs can add up quickly.

In contrast, Ory Network provides a turnkey solution that eliminates the need for businesses to manage their infrastructure. We take care of hardware, software, security, and maintenance, allowing businesses to focus on their core competencies instead of worrying about IT operations. This can result in significant cost savings, especially for smaller businesses or those without dedicated IT resources. By choosing Ory Network, businesses can save time, reduce costs, and improve their overall identity and access management solution.


Have questions about Ory Network or need help with your identity and access management solution?

Reach out to our team of experts!

Never miss an article - Subscribe to our newsletter!