PropelAuth
Last verified 2026-05-21 · Reviewed by guptadeepak
Editorial verdict
PropelAuth is a B2B-first developer-CIAM with a hosted self-service Org admin portal at the level of Frontegg's, at a materially lower price for startup and mid-market scale. HIPAA-eligibility is uncommon at this price tier. For B2B SaaS startups whose customers need role hierarchies and Org-admin UX, PropelAuth shortlists with Frontegg, Kinde, and Clerk.
At a glance
- Best for: B2B SaaS startups that need Organizations + role hierarchies + self-service Org admin UI
- Pricing: tiered-mau
- Free tier: 10,000 MAU
- Deployment: cloud-saas
- SOC 2 Type II: Yes
- Passkeys: Native
- Self-host: No
- Open source: No
Funding & business
- Funding model: Venture-backed
- Total raised: $3.1M
- Latest round: Seed · $2.6M · 2022
- Years in business: 5 yrs
- Round led by: Tiger Global
- Profitable: Not disclosed
B2B auth (YC W22); $2.59M seed led by Tiger Global.
Funding data from primary source. See also the CIAM investor landscape.
Strengths
- B2B-first product surface with first-class Organizations, role hierarchies, and self-service Org admin UI.
- Strong React / Next.js DX with idiomatic hooks and component primitives.
- Includes a hosted self-service Org admin portal that end-customer admins use directly, similar to Frontegg's model at lower price.
- HIPAA-eligible, uncommon at this tier and price point.
Limitations
- Smaller community and ecosystem than Auth0 / Clerk.
- Compliance footprint outside HIPAA is narrow: no FedRAMP, ISO 27001, or PCI DSS.
- No native FGA or adaptive MFA.
- Not optimized for B2C consumer flows; the product surface is B2B-shaped.
Capability matrix
Every vendor scored on the same axes. See the methodology for criteria.
| Capability | Support |
|---|---|
| Password authentication | Yes |
| Social login | Yes |
| Magic links | Yes |
| SMS OTP | No |
| Email OTP | Yes |
| TOTP (authenticator app) | Yes |
| Push MFA | No |
| WebAuthn / passkeys | Yes |
| Biometric | Yes |
| Hardware security keys | Yes |
| SAML SSO | Yes |
| OIDC SSO | Yes |
| OAuth 2.0 SSO | Yes |
| Enterprise federation | Yes |
| Passwordless-only flows | Yes |
| Adaptive MFA | No |
| Step-up auth | Partial |

| Capability | Support |
|---|---|
| RBAC | Yes |
| ABAC | No |
| ReBAC | No |
| FGA engine | No |
| API authorization | Yes |
| Fine-grained permissions | Yes |

| Capability | Support |
|---|---|
| Self-service registration | Yes |
| Progressive profiling | No |
| Self-service account | Yes |
| Bulk user import | Yes |
| Admin user search | Yes |
| Custom user metadata | Yes |
| Organizations / tenants | Yes |
| Multi-tenancy | Yes |

| Capability | Support |
|---|---|
| REST API | Yes |
| GraphQL API | No |
| SDKs | js, node, react, next, python, go, rust, dotnet, java |
| CLI | No |
| Terraform provider | No |
| Local emulator | No |
| Extension model | Webhooks + JWT customization |

| Capability | Support |
|---|---|
| Bot detection | No |
| Breached password detection | Yes |
| Brute-force protection | Yes |
| Anomaly detection | No |
| Log streams | Partial |
| Audit logs | Yes |
| GDPR data export | Yes |
| PII minimization | Partial |
| Post-quantum roadmap | No |

| Capability | Support |
|---|---|
| MCP support | No |
| OAuth 2.1 | Yes |
| Dynamic client registration | No |
| Agent vs human token separation | No |
| Web Bot Auth | No |

| Capability | Support |
|---|---|
| SOC 2 Type II | Yes |
| ISO 27001 | No |
| ISO 27018 | No |
| HIPAA | Yes |
| PCI DSS | No |
| GDPR | Yes |
| CCPA | Yes |
| FedRAMP | No |
| EU data residency | Yes |

| Capability | Support |
|---|---|
| Consent management | No |
| Preference center | Partial |
| Purpose-specific consent | No |
| Integrates with CMPs | n/a |
Pricing
| Monthly active users | Estimated price |
|---|---|
| 10,000 MAU | $0/mo |
| 100,000 MAU | $600/mo |
| 500,000 MAU | $2,200/mo |
| 1,000,000 MAU | $4,200/mo |
- B2B-first pricing; the Pro tier at $150/month covers most B2B SaaS at low scale
- Enterprise SSO connections billed per-connection
- Self-service Org admin UI included at all tiers
Estimates use the standard assumptions in our methodology. Always confirm with the vendor.
Best for
- B2B SaaS startups that need Organizations + role hierarchies + self-service Org admin UI
- HIPAA-required B2B SaaS at startup or mid-market scale
- Teams comparing Frontegg and Clerk for B2B-first projects
Not for
- B2C consumer apps
- Workloads requiring FedRAMP, ISO 27001, or PCI DSS
- Authorization-heavy use cases requiring FGA
FAQ
- How does PropelAuth compare to Frontegg?
  Both ship a self-service Admin Portal that end-customer admins use directly. Frontegg has the more mature product and broader feature surface; PropelAuth is materially cheaper for B2B SaaS at startup scale and includes HIPAA-eligibility at lower tiers. For startup-stage B2B SaaS, PropelAuth often wins on cost; for larger deployments, Frontegg's depth is the differentiator.
- Does PropelAuth support B2C apps?
  Not optimized for it. The product surface assumes Organizations are the core data primitive; for B2C without organizations, look at Auth0, Stytch, Clerk, or MojoAuth.
- Is PropelAuth HIPAA-eligible?
  Yes, with a signed BAA at qualifying tiers. Among developer-first B2B CIAM at this price, HIPAA support is the differentiator over Kinde and Clerk.
Sources
- PropelAuth Pricing, accessed 2026-04-22
- PropelAuth Documentation, accessed 2026-04-22
What PropelAuth is
PropelAuth launched in 2021 from San Francisco with a B2B-first thesis: ship a CIAM where Organizations, role hierarchies, and self-service Org admin tooling are first-class concepts rather than bolt-ons. The product line targets B2B SaaS startups that need to ship role-based access control and per-Org admin features without building an Admin Portal v1 in-house.
Where PropelAuth wins
The hosted self-service Org admin UI is the differentiator at this price tier. End-customer admins log in directly to manage their own users, role assignments, and SSO connections, similar to Frontegg's Admin Portal model but at a materially lower entry price. The React / Next.js DX is strong, with idiomatic hooks. HIPAA-eligibility is the compliance differentiator at this tier.
Where PropelAuth hurts
Smaller community than Auth0 / Clerk; compliance footprint outside HIPAA is narrow; no native FGA or adaptive MFA; B2C-light by design. For consumer apps or for workloads requiring FedRAMP / ISO 27001 / PCI DSS, look elsewhere.
How PropelAuth compares
The closest comparisons are Frontegg vs PropelAuth, Clerk vs PropelAuth, and Auth0 vs PropelAuth. For modern B2B SSO with even tighter scope, WorkOS and SSOJet are alternatives.
Editorial changelog (1 entry)
Editorial review: capability matrix and TCO bands confirmed against the latest vendor documentation.
