Invite Team Members

It is now finally possible for project owners to add team members to their Ory Cloud Project through an email invite. Invited members will automatically be assigned the developer role with the necessary permissions to be productive. The developer role prevents members from conducting any destructive task and from creating more invites for security reasons.

Invites are ephemeral with an expiry time of 6 hours from creation. But don't worry, once an invite has expired the project owner can easily create another. We also implemented invite links to be reusable until it has been linked to an active Ory account so that email clients following links won't invalidate the link.

For more information on these changes, please see the Ory documentation

Billing Changes

  • first paid plan: start-up
  • includes 1 CNAME domain
  • two billing options: 18$/m and 180$/year
  • yearly billing saves 24% ((12*18)-180) / (12*18)

100% Ory Kratos Compatibility

Ory Cloud is now fully compatible with the open source Ory Kratos configuration! That means you can now configure:

  • Hooks such as require_verified_address, session, revoke_active_sessions;
  • Add web hooks to perform HTTP RPC calls when e.g. an identity signs in or changes their password;
  • Configure social sign in with Google, GitHub, ...;
  • Customize E-Mail senders and use your own E-Mail SMTP server;
  • Make fine-grained changes to the password policy;
  • Have full control over WebAuthN, TOTP, and other MFA configuration items;

Please be aware that these features are only available via Ory's APIs right now and not via the Ory Cloud Console.

First-time User Experience

We're making it easier than ever to get started with Ory Cloud Console. We've added a first-time user experience right after sign-up, that helps you set up your first project. Based on your project's plan, that's also followed up with a quickstart designed for you to hit the ground running before going to your dashboard.

Making the Ory Cloud Console easier to use is a continuous effort that we will pay special attention to going forward, so expect more changes like this one in the future!

Network Policies and Cilium

  • Network level security: with the introduction of network policies we were able to reduce potential attack vectors resulting from malicious actors providing compromised configuration into the system.
  • New networking module: with the adoption of Cilium, and Google Dataplane v2, the Ory Network should be more resilient to network based latency and scalability.
  • Real time tracing and monitoring: as a port of Cilium, we have introduced a new monitoring tool - Hubble, which allows real time monitoring of network traffic. This allows administrators to observe the traffic and react to it if necessary.

API-Gateway

We replaced ingress-nginx with Gloo Edge acting as the new API-Gateway. This brings the following improvements to Ory Network and make it easier and faster to tailer the ingress & requests processing to our needs in the future.

  • Improve performance & lower latency: We are seeing lower latency and in initial tests better throughput in our monitoring. This makes us confident that we can further improve the performance while at the same time adding more features to Ory Network.
  • We added support to introduce Rate-Limits based on Subscription Plan. We want to use the next few weeks to monitor the usage patterns and adjust the configuration so we can define and discuss our future subscriptions plans with you.
  • Simplified configuration: With the switch to Gloo / Envoy we were able to streamline the configuration of our "ingress" layer in Kubernetes which makes our live easier and should lead to more features in a shorter time for you ;)
  • Improved security by starting to enforce CSP policies
  • More detailed observability right now is more an internal benefit, but will allow us in the future to expose e.g. detailed information on the number of API requests for your projects in relation to the limit of your subscription plan.