Wristband
Last verified 2026-04-28 · Reviewed by guptadeepak
Editorial verdict
Wristband is a B2B multi-tenant CIAM with predictable per-tenant pricing, designed for SaaS apps where tenant isolation is the architectural anchor. It is smaller and younger than WorkOS or Frontegg, with narrower compliance coverage, but the pricing model is genuinely friendly for SaaS with growing customer counts. Worth evaluating alongside SSOJet and Scalekit for early-to-mid-stage B2B SaaS.
At a glance
- Best for: B2B SaaS prioritizing strict tenant isolation by design
- Pricing: per-organization
- Free tier: 25,000 MAU
- Deployment: cloud-saas
- SOC 2 Type II: Yes
- Passkeys: Native
- Self-host: No
- Open source: No
Funding & business
- Funding model: Bootstrapped
- Total raised: None
- Latest round: None disclosed
- Years in business: 4 yrs
- Profitable: Not disclosed
Bootstrapped by its founders; multi-tenant B2B auth, no institutional funding disclosed.
Funding data from primary source. See also the CIAM investor landscape.
Strengths
- B2B multi-tenant CIAM with per-tenant data isolation as a first-class design choice.
- Predictable per-tenant pricing favorable to B2B SaaS with growing customer count.
- Strong default tenant resolution flow with subdomain-aware login URLs.
- Modern API surface and SDKs across major languages.
Limitations
- Very young, small customer base and ecosystem.
- Compliance footprint is narrow, SOC 2 only.
- B2C consumer features are not the focus; basic at best.
- No native FGA, no adaptive MFA, no managed bot detection.
Capability matrix
Every vendor scored on the same axes. See the methodology for criteria.
| Capability | Support |
|---|---|
| Password authentication | Yes |
| Social login | Yes |
| Magic links | Yes |
| SMS OTP | No |
| Email OTP | Yes |
| TOTP (authenticator app) | Yes |
| Push MFA | No |
| WebAuthn / passkeys | Yes |
| Biometric | Yes |
| Hardware security keys | Yes |
| SAML SSO | Yes |
| OIDC SSO | Yes |
| OAuth 2.0 SSO | Yes |
| Enterprise federation | Yes |
| Passwordless-only flows | Yes |
| Adaptive MFA | No |
| Step-up auth | Partial |

| Capability | Support |
|---|---|
| RBAC | Yes |
| ABAC | No |
| ReBAC | No |
| FGA engine | No |
| API authorization | Yes |
| Fine-grained permissions | Yes |

| Capability | Support |
|---|---|
| Self-service registration | Yes |
| Progressive profiling | No |
| Self-service account | Yes |
| Bulk user import | Yes |
| Admin user search | Yes |
| Custom user metadata | Yes |
| Organizations / tenants | Yes |
| Multi-tenancy | Yes |

| Capability | Support |
|---|---|
| REST API | Yes |
| GraphQL API | No |
| SDKs | js, node, react, next, python, go, dotnet |
| CLI | No |
| Terraform provider | No |
| Local emulator | No |
| Extension model | Webhooks + custom claims |

| Capability | Support |
|---|---|
| Bot detection | No |
| Breached password detection | Yes |
| Brute-force protection | Yes |
| Anomaly detection | No |
| Log streams | Partial |
| Audit logs | Yes |
| GDPR data export | Yes |
| PII minimization | Partial |
| Post-quantum roadmap | No |

| Capability | Support |
|---|---|
| MCP support | No |
| OAuth 2.1 | Yes |
| Dynamic client registration | No |
| Agent vs human token separation | No |
| Web Bot Auth | No |

| Capability | Support |
|---|---|
| SOC 2 Type II | Yes |
| ISO 27001 | No |
| ISO 27018 | No |
| HIPAA | No |
| PCI DSS | No |
| GDPR | Yes |
| CCPA | Yes |
| FedRAMP | No |
| EU data residency | Yes |

| Capability | Support |
|---|---|
| Consent management | No |
| Preference center | No |
| Purpose-specific consent | No |
| Integrates with CMPs | n/a |
Pricing
| Scale | Estimated cost |
|---|---|
| 10,000 MAU | $0/mo |
| 100,000 MAU | $250/mo |
| 500,000 MAU | $1,100/mo |
| 1,000,000 MAU | $2,200/mo |
- Per-tenant pricing model, predictable as B2B customer base grows
- Free tier covers most early-stage B2B SaaS
- Enterprise SSO connections billed per-tenant per-month
Estimates use the standard assumptions in our methodology. Always confirm with the vendor.
Best for
- B2B SaaS prioritizing strict tenant isolation by design
- Multi-tenant SaaS at startup-to-mid-market scale
- Teams comparing per-tenant pricing models against per-MAU
Not for
- B2C consumer apps
- Workloads requiring HIPAA, FedRAMP, or PCI DSS
- Mid-large enterprise federation requirements
FAQ
- What does Wristband mean by per-tenant data isolation?
  - Each B2B customer (tenant) gets logically isolated user data and configuration; cross-tenant queries are not possible by default. This is a stronger architectural posture than "add a tenant_id claim and trust the application," which is how many CIAM products achieve multi-tenancy.
- How does Wristband compare to WorkOS?
  - Both are B2B-focused. WorkOS is more mature, with a broader feature set and a larger customer base; Wristband is younger, with a tighter scope on multi-tenancy and per-tenant pricing. For early-stage SaaS prioritizing predictable pricing per customer, Wristband is competitive.
- Does Wristband handle B2C apps?
  - Not really. Wristband is B2B-multi-tenant-first; for consumer apps, look at Auth0, Stytch, MojoAuth, or Clerk.
Sources
- Wristband Pricing, accessed 2026-04-22
- Wristband Documentation, accessed 2026-04-22
What Wristband is
Wristband launched in 2022 in New York with a B2B-multi-tenant-first thesis: ship a CIAM where per-tenant isolation is an architectural primitive rather than a tenant_id claim convention. The product surface assumes B2B SaaS with multiple end-customer organizations, each with their own subdomain, branding, and isolated user pool, and delivers the auth + tenant-resolution + admin tooling for that pattern.
Where Wristband wins
Per-tenant data isolation by design, not as a configuration option. Predictable per-tenant pricing that aligns with how B2B SaaS economics actually work (you bill per customer, you pay per tenant). Subdomain-aware tenant resolution that reduces the engineering effort to ship per-customer branded login flows.
Where Wristband hurts
Young, small ecosystem, narrow compliance (SOC 2 only). B2C-light by design. No native FGA, no adaptive MFA, no managed bot detection. For consumer apps or for mid-large enterprise federation, look elsewhere.
How Wristband compares
The closest comparisons are Wristband vs WorkOS, Wristband vs Frontegg, and Wristband vs SSOJet for the B2B-multi-tenant-CIAM choice. For B2C plus B2B coverage, Auth0 and MojoAuth are alternatives.
Editorial changelog (1 entry)
Full profile review: capability matrix, TCO bands, and editorial verdict re-verified against current public sources.
