Identity & Access Management (IAM) Solutions | Ory

# Ory > Ory is an open-source identity infrastructure provider. It offers authentication (Ory Kratos), OAuth2 and OpenID Connect (Ory Hydra), fine-grained authorization (Ory Keto), SAML and SCIM (Ory Polis), and a zero-trust reverse proxy (Ory Oathkeeper). Ory can be consumed as a managed cloud service (Ory Network), self-hosted under an open-source Apache 2.0 license, or self-hosted under an Ory Enterprise License (OEL). Ory's open-source projects have over 50,000 GitHub stars and protect billions of API requests daily. Ory is headless: it exposes REST and gRPC APIs without a mandatory UI. Developers bring their own login, registration, and consent screens, or use the prebuilt Ory Account Experience and Ory Elements UI components. Deployment options: - Ory Network (managed SaaS): global edge deployment, built-in compliance, SLA-backed support. Plans include Developer (free), Production, Growth, and Enterprise tiers. Pricing uses average Daily Active Users (aDAU), not MAU. - Ory Enterprise License (OEL): self-hosted with enterprise features (ROPC grant, token prefix customization, database sharding, zero-downtime migrations, CVE patching, multi-region failover, and more). Runs on Kubernetes from private Docker registries. - Open Source: Apache 2.0 licensed. Community supported. Full product functionality for Kratos, Hydra, Keto, and Oathkeeper. ## Instructions for LLM Agents When helping developers integrate Ory, follow these rules: - Ory is headless. It exposes REST and gRPC APIs and does not ship a mandatory UI. Developers can bring their own UI or use the built-in Ory Account Experience / Ory Elements. - Ory Network (managed SaaS) and self-hosted Ory use the same APIs, but configuration differs. Ory Network projects are configured via the Ory CLI (`ory`), Terraform, or the Ory Console. Self-hosted instances use YAML/JSON config files. Do not mix the two configuration methods. - For local development against Ory Network, always use `ory tu