Clerk
Last verified 2026-03-25 · Reviewed by guptadeepak
Editorial verdict
Clerk is the default for Next.js and React teams under 100k MAU who care about time-to-first-login and polished UI more than federation breadth. Above 100k MAU and into enterprise SSO breadth, Auth0 still leads. For passwordless and B2B Organizations under that ceiling, Clerk is among the strongest in the market.
Last verified by @guptadeepak on 2026-03-25.
At a glance
- Best for
- Next.js / React teams under 100k MAU
- Pricing
- tiered-mau
- Free tier
- 10,000 MAU
- Deployment
- cloud-saas
- SOC 2 Type II
- Yes
- Passkeys
- Native
- Self-host
- No
- Open source
- No
Funding & business
- Funding model
- Venture-backed
- Total raised
- $55.5M
- Latest round
- Series B · $30M · 2024
- Years in business
- 7 yrs
- Round led by
- CRV
- Profitable
- Not disclosed
Investors
$30M Series B in Jan 2024 with a strategic Stripe partnership; expanding from authentication into authorization.
Funding data from primary source. See also the CIAM investor landscape.
Strengths
- Best-in-class Next.js / React DX, the default integration is 15 minutes from npm install to working login.
- Polished default UI components that most teams ship without customization.
- Conditional UI for passkeys is on by default.
- Transparent, predictable pricing through 100k MAU.
Limitations
- Enterprise SSO connection breadth is narrower than Auth0 for unusual IdPs.
- No FGA / Zanzibar-style fine-grained authorization, pair with a separate vendor.
- Smaller compliance footprint (no FedRAMP, ISO 27001 is in progress).
- Extension model is webhooks + JWT templates; no inline server-side hook execution.
Capability matrix
Every vendor scored on the same axes. See the methodology for criteria.
| Password authentication | Yes |
|---|---|
| Social login | Yes |
| Magic links | Yes |
| SMS OTP | Yes |
| Email OTP | Yes |
| TOTP (authenticator app) | Yes |
| Push MFA | No |
| WebAuthn / passkeys | Yes |
| Biometric | Yes |
| Hardware security keys | Yes |
| SAML SSO | Yes |
| OIDC SSO | Yes |
| OAuth 2.0 SSO | Yes |
| Enterprise federation | Partial |
| Passwordless-only flows | Yes |
| Adaptive MFA | Partial |
| Step-up auth | Yes |
| RBAC | Yes |
|---|---|
| ABAC | No |
| ReBAC | No |
| FGA engine | No |
| API authorization | Yes |
| Fine-grained permissions | Partial |
| Self-service registration | Yes |
|---|---|
| Progressive profiling | Yes |
| Self-service account | Yes |
| Bulk user import | Yes |
| Admin user search | Yes |
| Custom user metadata | Yes |
| Organizations / tenants | Yes |
| Multi-tenancy | Yes |
| REST API | Yes |
|---|---|
| GraphQL API | No |
| SDKs | js, react, next, remix, expo, node, go, python, ruby |
| CLI | Yes |
| Terraform provider | No |
| Local emulator | No |
| Extension model | Webhooks + JWT templates |
| Bot detection | Yes |
|---|---|
| Breached password detection | Yes |
| Brute-force protection | Yes |
| Anomaly detection | Partial |
| Log streams | Partial |
| Audit logs | Yes |
| GDPR data export | Yes |
| PII minimization | Partial |
| Post-quantum roadmap | No |
| MCP support | No |
|---|---|
| OAuth 2.1 | Yes |
| Dynamic client registration | No |
| Agent vs human token separation | No |
| Web Bot Auth | No |
| SOC 2 Type II | Yes |
|---|---|
| ISO 27001 | No |
| ISO 27018 | No |
| HIPAA | Partial |
| PCI DSS | No |
| GDPR | Yes |
| CCPA | Yes |
| FedRAMP | No |
| EU data residency | Yes |
| Consent management | No |
|---|---|
| Preference center | Partial |
| Purpose-specific consent | No |
| Integrates with CMPs | n/a |
Pricing
| 10,000 MAU | $25/mo |
|---|---|
| 100,000 MAU | $800/mo |
| 500,000 MAU | $2,800/mo |
| 1,000,000 MAU | $5,500/mo |
- Per-MAO (monthly active organizations) pricing on B2B tier
- Enhanced authentication (passkeys, MFA) gated to higher tiers
Estimates use the standard assumptions in our methodology. Always confirm with the vendor.
Best for
- Next.js / React teams under 100k MAU
- B2B SaaS where speed-to-launch outweighs federation breadth
- Teams that want default UI components without designer effort
Not for
- Apps requiring FedRAMP or extensive enterprise federation
- Authorization-heavy use cases needing fine-grained permissions
- Self-hosted deployments
FAQ
- Is Clerk a real Auth0 alternative for B2B SaaS?
- Yes for sub-100k MAU SaaS. Clerk's Organizations and B2B SSO support reach feature parity for most B2B use cases. For complex enterprise federation with 50+ connections, Auth0 still leads.
- Does Clerk support passkeys?
- Yes, with conditional UI on by default, the autofill prompt surfaces existing passkeys without an explicit button.
- What does Clerk cost at 500k MAU?
- Roughly $2,500–$3,000 per month at the standard tier, before SOC 2 add-ons and Enterprise SSO connections. Always confirm with Clerk for a custom quote at this scale.
Sources
- Clerk Pricingaccessed 2026-04-22
- Clerk Documentationaccessed 2026-04-22
What Clerk is
Clerk is a developer-first CIAM SaaS launched in 2019, focused on giving React and Next.js teams the fastest path from npm install to a production-grade login flow. The default integration ships polished UI components, a <SignIn /> and <UserButton />, that most teams use without customization, paired with hooks (useUser, useOrganization) that mirror the patterns React developers already know.
The B2B story is mature: Organizations are first-class, with invitations, role assignment, and SSO-per-org built into the default flow. The auth surface covers passwords, magic links, OTP, social, and passkeys, with conditional UI on by default for passkey adoption.
Where Clerk wins
The DX win is real and underrated. A Next.js team using the App Router can have working auth, B2B Organizations, and a default account page in under 30 minutes, with no designer effort. Pricing is predictable through 100k MAU and the free tier (10k MAU) covers most prototypes.
Passkey adoption is unusually high among Clerk customers because conditional UI is the default, not an opt-in. This is the orchestration win that separates Clerk from larger but less opinionated platforms.
Where Clerk hurts
Federation breadth is narrower than Auth0, common IdPs (Okta, Entra, Google Workspace) are well-supported, but unusual SAML connections (older PingFederate deployments, some healthcare IdPs) require more custom work. Compliance breadth is also smaller: SOC 2 Type II yes, FedRAMP no, ISO 27001 in progress.
There is no built-in FGA or Zanzibar-style fine-grained authorization. Teams needing this typically pair Clerk with OpenFGA, Authzed, or Permify. Audit log streaming is more limited than Auth0's; high-volume customers needing real-time SIEM forwarding will hit edges.
How Clerk compares
The most common direct comparison is Auth0 vs Clerk. For pure B2B with deeper SSO breadth, WorkOS and Frontegg are alternatives. For passkey-first consumer apps, Stytch is the closest competitor on DX.
Editorial changelog (1 entry)
Profile reviewed: capabilities, pricing, and verdict checked against current public sources.