July 2026 Summaries
8 posts from Clerk
Filter
Month:
Year:
Post Summaries
Back to Blog
Part 2 of the series on enterprise SSO pricing delves into the hidden costs associated with enterprise single sign-on (SSO), highlighting the "SSO tax," SCIM fees, and the significant engineering costs of building SSO in-house. While vendors often market SSO as a luxury upgrade, the actual expenses of supporting SAML are primarily due to initial integration work and ongoing maintenance, not per-user infrastructure costs. The "SSO tax" is prevalent in two markets: SaaS applications charging customers extra for SSO and auth-infrastructure providers charging developers for delivering SSO and SCIM. Hidden costs, such as directory-sync fees, MAU overages, and add-ons for support and audit logs, often exceed the base SSO price. Building SSO in-house demands a multi-quarter engineering effort and ongoing maintenance, with costs potentially reaching high six figures to over a million dollars over three years. Buying managed SSO solutions is generally more cost-effective for B2B SaaS companies, as it alleviates the ongoing security and maintenance burden.
Jul 01, 2026
3,520 words in the original blog post.
Enterprise Single Sign-On (SSO) pricing can be complex, primarily divided into two models: per-connection and per-Monthly Active User (MAU). For most B2B SaaS companies, per-connection pricing, which charges a flat fee per enterprise customer regardless of user count, is more predictable and often cheaper than per-MAU pricing, which scales with the total number of active users and can increase significantly with large customers. Hidden costs such as the "SSO tax," SCIM fees, connection caps, and engineering costs for in-house SSO development can inflate the final bill beyond advertised prices, catching teams off guard. The choice between these models depends on the company's growth stage and customer profile, with per-connection being more favorable for companies with fewer, larger clients, while per-MAU might suit those with many small connections and low user counts. The guide also discusses hybrid and flat-rate pricing models, emphasizing the importance of understanding these options to avoid unexpected expenses, especially as secure access becomes a standard requirement in enterprise procurement.
Jul 01, 2026
2,391 words in the original blog post.
In the concluding part of the series on enterprise Single Sign-On (SSO) pricing, the focus is on understanding compliance factors, choosing the right pricing model, and examining Clerk's approach to pricing. Compliance and security significantly shape the real cost of enterprise SSO, where audit reports and features like SCIM can impose hidden costs. Providers often gate access to SOC 2 and ISO 27001 reports behind higher plans, which can be a major expense for enterprises. GDPR compliance, data residency, and Data Processing Agreements (DPAs) are vital, with Clerk providing these across all plans to avoid common procurement blockers. Missing compliance features, such as SCIM, can lead to substantial manual provisioning costs and security risks due to orphaned accounts. When selecting a pricing model, per-connection pricing is recommended for large enterprises for predictability, while a per-MAU model might suit high-volume, consumer-focused usage until costs rise with large customers. Clerk offers a predictable per-connection pricing model, including SCIM directory sync, which avoids tier cliffs and forced sales calls, making it suitable for B2B SaaS companies seeking predictable costs. However, Clerk gates SOC 2 report access and HIPAA compliance to higher plans, making them significant line items in cost considerations.
Jul 01, 2026
3,603 words in the original blog post.
In the final installment of the series on auth-as-a-service (AaaS), the focus is on selecting and integrating a platform, with Clerk being recommended for most developer teams due to its developer-friendly components, customization options, and extensive framework support, including Next.js and React. Clerk offers a comprehensive suite of React components and hooks, supporting seamless integration and customization through CSS and themes, alongside server-side functionality with minimal client interaction. Key features include a robust organization model with built-in roles, RBAC, and B2B capabilities, transparent data portability, and a pricing model aligned with usage, making it suitable for scalable modern applications. The article outlines the importance of managed AaaS over building from scratch due to compliance, security, and operational benefits, emphasizing Clerk's commitment to data portability, which addresses common concerns about vendor lock-in. Overall, Clerk's robust feature set and integration capabilities make it a strong candidate for teams seeking to enhance their application identity management while focusing on core product development.
Jul 01, 2026
2,186 words in the original blog post.
Part 3 of the series on enterprise SSO pricing provides a detailed comparison of pricing structures from major providers such as WorkOS, Auth0, Okta, Supabase, and Firebase, focusing on per-connection versus per-MAU models. It highlights how costs vary significantly depending on the stage of the company, from startups to established businesses, and explains the complexities of per-connection pricing, which remains predictable with customer growth, compared to per-MAU pricing, which scales with user count. The document outlines various scenarios and price points for different enterprise SSO providers, emphasizing the importance of understanding these models to predict future expenses accurately. It also discusses the hidden costs and compliance factors tied to each provider, alongside the implications of choosing between building in-house solutions versus opting for managed services. The text underscores the significance of transparency in pricing, especially as companies scale, and the challenges of negotiating enterprise contracts with providers like Auth0 and Okta, which tend to become opaque at higher volumes.
Jul 01, 2026
3,913 words in the original blog post.
In this second installment of a four-part series on Auth-as-a-Service (AaaS), the text explores the decision-making process between managed and self-hosted authentication solutions. The discussion categorizes authentication infrastructure into four primary types: managed AaaS, self-hostable platforms, open-source libraries, and fully custom builds, each with distinct advantages and challenges. Managed AaaS is highlighted as the dominant choice for most teams due to its rapid deployment, security expertise, and compliance certifications, although it poses concerns such as usage-based pricing and potential data lock-in. Conversely, self-hosted solutions may be preferable in scenarios requiring strict data residency, unique authentication flows, or cost efficiency at extreme scales. The text offers a comprehensive decision framework for choosing between building in-house or opting for a managed service, stressing that while managed AaaS provides significant benefits for the majority, vendor lock-in remains a critical consideration explored in the upcoming part of the series.
Jul 01, 2026
3,610 words in the original blog post.
Part 2 of the series on handling session expiry in React Native apps with Clerk delves into creating resilient user experience flows, managing network failures, and leveraging native OAuth for smoother authentication. It emphasizes using `isSignedIn` from `useAuth()` as a route guard to manage session states effectively and guides developers on routing users with pending sessions to complete their tasks using Clerk's `taskUrls`. The article also covers strategies for maintaining session continuity, such as silent re-authentication, handling mid-transaction expiry, and employing retry logic for API calls. It explains the importance of distinguishing between error types and applying appropriate recovery strategies, like exponential backoff for network errors. Moreover, it highlights the benefits of native OAuth over browser-based methods for reducing session friction and ensuring reliability. Testing strategies for session expiry, background transitions, and offline scenarios are also discussed, alongside best practices for session management in Expo apps, including enabling token caching and configuring suitable session lifetimes. The article concludes by underscoring the importance of graceful session expiry handling and native OAuth for a robust mobile user experience.
Jul 01, 2026
3,576 words in the original blog post.
Auth-as-a-Service (AaaS) platforms offer managed authentication solutions that speed up development and enhance security, though they come with the consideration of vendor lock-in and data portability. This third installment of a four-part series delves into vendor lock-in concerns, providing a framework for evaluating AaaS providers based on data, API, SDK, and pricing lock-in aspects. Data portability is crucial, requiring providers to support self-service user data exports in standard formats like bcrypt for password hashes. A detailed comparison of leading AaaS providers, including Clerk and Auth0, reveals varying strengths and limitations in areas such as compliance, pricing, and feature support. The article emphasizes the importance of understanding true data portability and enterprise capabilities beyond marketing claims, setting the stage for a deeper exploration of implementation strategies in the final part of the series.
Jul 01, 2026
3,679 words in the original blog post.