SaasKit

The Auth Stack for B2B SaaS Apps

Choose the complete identity layer with org-aware user management and built-in RBAC. Or start modular with just SSO
Start for free
Talk to an engineer
Trusted by growing teams worldwide

Org-aware user management and access control

Per-org user isolation, role assignment at join, and access control that lives in the token
Get started
Multi-tenant User management
Single identity across auth methods
Roles and Permissions
Custom roles Per Tenant
Every org runs its own auth policy
Every org is isolated by default. Auth methods, MFA requirements, JIT provisioning rules, and session settings are configured per org
Multi-tenant
Org metadata
Domain routing
Same user, however they log in
Users signing in through Google, magic link, or enterprise SSO always resolve to one identity. Same org membership, same roles, even if they switch auth methods
Identity deduplication
Multi-method login
Single user record
Roles at join. Token-enforced
Every org member gets a default role on join. Roles evaluate within the active session, no static permission checks or middleware logic. Access is enforced right in the token
Default roles
Session-embedded
Org-aware
Custom roles & permissions
Define roles and permission sets per org, per org type, or per custom metadata, configured from the dashboard, reflected directly in the session token. No code changes
Custom roles
Dashboard config
Per-org roles
Every org runs its own auth policy
Every org is isolated by default. Auth methods, MFA requirements, JIT provisioning rules, and session settings are configured per org
Multi-tenant
Org metadata
Domain routing
Same user, however they log in
Users signing in through Google, magic link, or enterprise SSO always resolve to one identity. Same org membership, same roles, even if they switch auth methods
Identity deduplication
Multi-method login
Single user record
Roles at join. Token-enforced
Every org member gets a default role on join. Roles evaluate within the active session, no static permission checks or middleware logic. Access is enforced right in the token
Default roles
Session-embedded
Org-aware
Custom roles & permissions
Define roles and permission sets per org, per org type, or per custom metadata, configured from the dashboard, reflected directly in the session token. No code changes
Custom roles
Dashboard config
Per-org roles

Scalekit's flexibility and speed made implementation a breeze. We got secure, scalable, passwordless auth and have the option to open up other methods like SSO as we see fit, without having to refactor the existing stack

Suman Varanasi

CTO / Fello

Read the story

Production auth in your coding agent. One command

Choose your agent to get users, roles, and SSO production-ready in minutes
Claude Code
Codex
GitHub Copilot
Cursor
Any agent
Claude Code REPL
Copy
Copied!
  # Add the Scalekit marketplace to Claude Code
  claude plugin marketplace add scalekit-inc/claude-code-authstack && 
  claude plugin install full-stack-auth@scalekit-auth-stack
Terminal
Copy
Copied!
  # Install the Scalekit Auth Stack
  $ curl -fsSL https://raw.githubusercontent.com/scalekit-inc/codex-authstack/main/install.sh | bash
Restart Codex, open Plugin Directory, select Scalekit Auth Stack, and enable your auth plugin.
Terminal
Copy
Copied!
  # Step 1 — add the Scalekit marketplace
  $ copilot plugin marketplace add scalekit-inc/github-copilot-authstack

  # Step 2 — install the full-stack-auth plugin
  $ copilot plugin install full-stack-auth@scalekit-auth-stack
Terminal
Copy
Copied!
  # Install the Scalekit Auth Stack
  $ curl -fsSL https://raw.githubusercontent.com/scalekit-inc/cursor-authstack/main/install.sh | bash
Restart Cursor, open Settings > Cursor Settings > Plugins, and enable your auth plugin.
Works with Claude Code, Codex, Copilot CLI, Cursor, Windsurf, and 35+ more agents.
Terminal
Copy
Copied!
  npx skills add scalekit-inc/skills --list
Your agent guides you through the rest.
Starting prompt
Help me set up Scalekit in this project. I use [mention your agent — e.g., Claude Code, Cursor, Codex].

Add SSO before enterprise
deals demand it

Modular SSO sits on top of any auth system. Your enterprise customer self-serves the setup in under 15 minutes
Try for free
SSO
Admin Portal
Modular setup
SCIM

Integrate any enterprise IdP

SAML and OIDC supported across all enterprise IdPs. SP-initiated and IdP-initiated flows included. Certificate rotation and expiry are handled automatically. Built-in IdP testing and configuration tools
Learn more

Let customers configure their own SSO connections

Give every customer a branded portal link. They connect their IdP, test the login, and go live in under 15 minutes. Embed it in your app or share it as a standalone link
Learn more

Add enterprise SSO without touching your auth logic

Built on Auth0, Cognito, Firebase, or your own auth? Scalekit slots in as the SSO layer on top. Nothing underneath changes: users, sessions, and auth logic all stay intact
Learn more

Turn SCIM on with one toggle
when you need it

One toggle per org activates directory sync. Admins and can self serve set up. Users provision and deprovision automatically from Azure AD, Okta, Rippling. Roles map at sync time
Learn more

Integrate any enterprise IdP

SAML and OIDC supported across all enterprise IdPs. SP-initiated and IdP-initiated flows included. Certificate rotation and expiry are handled automatically. Built-in IdP testing and configuration tools
Learn more

Add enterprise SSO without touching your auth logic

Built on Auth0, Cognito, Firebase, or your own auth? Scalekit slots in as the SSO layer on top. Nothing underneath changes: users, sessions, and auth logic all stay intact
Learn more

Turn SCIM on with one toggle
when you need it

One toggle per org activates directory sync. Admins and can self serve set up. Users provision and deprovision automatically from Azure AD, Okta, Rippling. Roles map at sync time
Learn more
Add SSO without touching the rest of your auth
Free for your first connection. $60/month from the second. No migration required
View Modular SSO pricing

It's the most simple and easily understandable platform we could find for Auth. It's free to get started and they have the best customer support I have experienced when compared to some of their major competitors.

Emil Sarkisi Stepanian

Founder / Hubbl

Read the story

Everything else, already included

MCP Auth
Drop OAuth 2.1 into any MCP server without building an auth layer from scratch. Dynamic Client Registration, CIMD support, and per-tool scopes included
Learn more
Passwordless Auth
Give users every modern login method without managing a single password. Magic links, email OTP, and passkeys all ship from one integration
Learn more
Auth Logs
Trace every login, session, and org action with rich event payloads, enough context to debug any auth issue end to end, without setbacks.
Learn more
Hosted UI Widgets
Ship branded login, admin, and profile pages without writing UI from scratch. Every widget is hosted, styled to your app, and ready to drop in
Learn more
100% portable
Built-in Auth with RLS
Easy to extend
Learn more
Interceptors
Attach custom logic at Pre-Signup, Pre-Session, Pre-Invite, and Pre-M2M without touching your backend. Block, allow, or enrich tokens inline
Learn more

Add Auth to your B2B SaaS Apps

Complete User Management: Orgs, users, RBAC, SSO, SCIM, MCP auth, one model
View Pricing
$0
/month
1M Monthly Active Users
An SSO connection is a SAML or OIDC integration configured for an organization. You are billed only for connections that are enabled. Connections in a disabled state are not charged.
then $0.05 / MAU
1 SCIM directory
then $60 / additional SCIM directory
100 Monthly Active Organizations
An SSO connection is a SAML or OIDC integration configured for an organization. You are billed only for connections that are enabled. Connections in a disabled state are not charged.
then $1 / MAO
10,000 M2M tokens / month
1 SSO connection
then $60 / additional SSO connection
Custom domain & branding
Optional add-on: $99/mo
Ready to ship

Manage your users. Win enterprise deals

Every identity feature including orgs, roles, SSO, and SCIM. Unlocked on the free tier
Start for free
Talk to an engineer
The Auth Stack
for AI applications
hi@scalekit.com
16192 Coastal Hwy Lewes,
DE 19958
slack logo
Join our community 
Modular Auth
MCP AuthAgent AuthSSOSCIM
Full Stack Auth
User & Org ManagementAuth MethodsAPI AuthRoles & PermissionsCustomizationEnterprise Auth
Extensibility
Auth workflowsIntegrations
Compare
Scalekit vs Auth0Scalekit vs StytchScalekit vs DescopeScalekit vs CognitoScalekit vs ClerkScalekit vs WorkOS
Industry Reports
State of Auth 2025Enterprise MCP patterns
Auth Guides
MCP AuthSingle Sign-onPasswordlessSCIMOAuth
Resources
DocsAPI ReferenceBlogRelease NotesSDKs
Company
LegalTrust CenterCustomers
Compliance
Follow us on
All systems operational
Copyright © 2026.
ScaleKit Inc. All rights reserved

We use cookies, so things load fast, we learn what to fix, and you can always reach us on chat

Okay, got it!Â