You probably pay too much for your identities and your access management!

Genesis

It didn't take 7 days to come up with a pricing model for the ZITADEL platform. Actually it took around 12 months time as of this writing.

In Mai 2020 we started of by mapping out core features, doing pricing research of ca. 15 competitors of IAM products. We also agreed on our core principles for pricing according to our values:

• Security features should be included in all versions of the product
• Pricing should not hinder adoption by users and security best practices
• If possible, the pricing should favor modern architecture and IAM principles over legacy

With these principles we kick-started an iterative process over a couple of meetings to find issues with the pricing and round-off any edges that caused even internal discussions. The process was straight forward and started with formulating a potential pricing model (feature set, tiers, rates/limits, price) for our ZITADEL Cloud and ZITADEL Enterprise tiers in Google Sheets, then discussing all the flaws and complications with this model to design a better version.

A short summary what happened over a couple of meetings: In July 2020 we started with 3 tiers in Cloud and 2 tiers in Enterprise, mapping out the initial feature set per tier (e.g. term for audit trail) with a pricing for each 1'000 active users per organization. Right from the start we were against a per-user pricing, as this seemed too much of a anti-pattern with negative impact on adoption. The limits of users got even more complicated and we ended up around September 2020 with not only per 1'000 active users pricing, but also limits such as max. active users per day, an unlimited user paid-option.

We scrapped the idea quickly after, and instead focussed bringing high-value platform services to the higher tiers and keep the pricing itself simple. At that time, around October, we also introduced the idea of unlimited users and IAM resources. On the one hand, since ZITADEL is well-engineered our compute cost are so small, even with a HA and multi-provider setup to provide 99.9% uptime, we concluded that from a pure cost perspective a per-user/resource/session pricing is not necessary. On the other hand, managing subscriptions, measuring and monitoring usage based on a limits and rates would have caused significant engineering cost and additional overhead.

So we settled on 4 plans for ZITADEL Cloud (Free, Outpost, Starbase, Fortress) and 2 plans for dedicated instances (Enterprise Cloud, and Enterprise). The last update to our pricing was a couple of weeks ago, when we decided which private-labeling functions will be available per plan.

The whole process was in no means inefficient, since it also triggered great discussions about the unique value proposition, business model, feature priorities and operations of the cloud solution. Yet, I would improve the process, for example when a major overhaul would be necessary, by asking some of you or other potential clients to kindly provide early feedback on the ideas.

A summary of the pricing principles could be as follows:

• Security features are included in every plan
• No by-user pricing
• Add-ons for integration or legacy functions
• Always free & developer tiers to get you started
• You don't need a credit card to sign up
• Plans are structured along SLA guarantees and value-add features
• It is easy for you to plan your costs for IAM

ZITADEL Cloud

The 4 plans are

• Free: Start building your app on the ZITADEL platform
• Outpost (50 CHF per month): For when you need basic private-labeling for Login, email support, and reporting
• Starbase (250 CHF per month): Optimal for mature projects requiring SLA, more customization, and guaranteed support
• Fortress (1'000 CHF per month): Full feature set, 99.95% availability, immediate support

For more information check out our pricing page. Click "compare all" to get a more detailed overview across all plans.

We think these plans might work well for you. But do let us know what you think or in case you are missing something.

Providers such as Auth0 or Okta will charge you on a per-user basis, depending wether these users are "employees" or "customers". We don't make that distinction, you have unlimited users independent if those are employees, customers, partners, machines. Moreover, with ZITADEL you don't need to pay extra for MFA or custom policies. When using Microsoft Azure AD, you will also pay by user for "employee" identities, however Azure AD changed their pricing in 2019/2020 and offers now up to 50'000 "customer identities" for free. But you should bear in mind that there is no such thing as a free lunch, and you should make sure to figure out all associated cost when using Azure AD. We also looked at various providers of managed Keycloak instances in US and Europe and believe our pricing is very competitive in the international market. ZITADEL is also open source, but offers much better support for scalability and multi-datacenter operations that is why we believe we can provide an viable alternative in the open source as service market as well.

We can offer these prices because we run ZITADEL in a highly automated manner based on GitOps, you can register and manage all aspects of ZITADEL on your own with no interaction required from us, and payment for the subscription can be handled within ZITADEL. We will need to continuously work on providing you with high quality documentation and content to get you started, understand how ZITADEL works, and how you best use ZITADEL in your specific use cases.

ZITADEL Enterprise

The 2 plans are

• Enterprise Cloud: Managed instance of ZITADEL in a private cloud or data center of your choice
• Enterprise: 3rd level support for ZITADEL

Both plans start at 60'000 CHF p.a. for the operations, and 75'000 CHF p.a with an uptime and support response time guarantee as well as direct contact to our engineers. If you require 24x7 support or higher uptime guarantees than 99.5% we will need to understand your requirements and your current architecture to provide you with a quote that meets both of our needs.

Both plans cost the same. We have loads of experience operating and supporting high-available solutions, especially identity & access management systems. Drawing from this experience we are convinced that we must spend around an equal amount of time to guarantee the correct operations, maintenance, and upgrade of systems compared to assist with these topics through 3rd level support requests. Moreover, when deploying a managed instance we can use ORBOS to create Kubernetes, automation, and tooling for the platform in the same way that we operate our ZITADEL Cloud service.

Some thoughts on the future

Most important is your feedback. Let us know in case you have something to say about how we structured our plans.

Depending on how our business develops in the future, there are multiple aspects to tweak in the future:

• We are currently discussing a program for start-ups that are just starting out and don't have the means yet to subscribe to our highest Cloud tiers
• Currently you have to order ZITADEL Enterprise the 'old way' (ie. email, call). In practice we can setup a ZITADEL platform on multiple providers or on bare metal already in under 20 minutes. We want to go further in that direction and make it possible to generate a ZITADEL Enterprise setup via self-service. This would mean less cost for us, which might give way to further expand the Enterprise offering.
• We will leverage our network of partners to bring ZITADEL to markets that are hard to operate in with as a young company. So you might see ZITADEL being offered by a partner of ours for a different price or feature set. If you are interested in offering ZITADEL as a reseller or partner, please get in touch.
• We might change our prices in the future, but will certainly make sure that you as an early customer are always getting the best price under the new policy (eg, through grandfathering)

Cover photo by CardMapr.nl on Unsplash