This article was originally published on Jo4 Blog.
I was about to upgrade our Auth0 plan to get a cleaner domain. Then I looked at the pricing page.
And closed the tab.
The Setup
Auth0 gives you a randomly generated tenant URL when you sign up:
dev-exjsxdx8c6qt3uhf.us.auth0.com
Not exactly brand-inspiring. I wanted something cleaner like jo4.us.auth0.com.
To get a custom tenant name, you need to create a new tenant. To create a new tenant on the free plan:
❌ You have reached the limit for Tenants in your current plan.
Upgrade your plan to create more tenants.
Fine, I thought. What does the paid plan cost?
The Math That Doesn't Math
Free Plan:
- 25,000 MAU included
- 1 tenant
- Basic features
- $0/month
Essentials Plan (Paid):
- 500 MAU included
- Multiple tenants
- MFA, RBAC
- $35/month (B2C)
Wait. The paid plan includes fewer users than the free plan?
Yes. When you upgrade from free to Essentials, you go from 25,000 included MAUs to 500 included MAUs. Want more? Pay per MAU.
The Real Pricing Table
Here's what Auth0 pricing actually looks like:
| Plan | Included MAU | Price | Cost per Additional MAU |
|---|---|---|---|
| Free | 25,000 | $0 | N/A (hard limit) |
| Essentials | 500 | $35/mo | ~$0.07/MAU |
| Professional | 1,000 | $240/mo | ~$0.24/MAU |
| Enterprise | Custom | $30k+/year | "Let's talk" |
So if you have 10,000 users and want to upgrade to Essentials, you'd pay:
$35 base + (9,500 × $0.07) = $35 + $665 = $700/month
For a cleaner URL and MFA.
What You Actually Get on Free
The free tier is surprisingly capable:
✅ 25,000 monthly active users
✅ Social login (Google, Apple, GitHub, etc.)
✅ Email/password authentication
✅ Passwordless (magic links)
✅ Universal Login (hosted login page)
✅ Basic user management
✅ 3 team members
What you DON'T get:
❌ Multi-factor authentication (MFA)
❌ Role-based access control (RBAC)
❌ Multiple tenants
❌ Custom domains (like auth.yourapp.com)
❌ More than 5 organizations (B2B)
When to Actually Upgrade
Stay on Free if:
- You have < 25,000 MAU
- You don't need MFA
- You can live with dev-xxx.auth0.com
- You're B2C or have < 5 B2B customers
Upgrade to Essentials if:
- You NEED MFA (compliance, enterprise customers)
- You have < 2,000 MAU (cost is reasonable)
- Multiple environments are critical (staging/prod tenants)
Upgrade to Professional if:
- You need > 3 SSO connections
- You have enterprise customers requiring specific compliance
- You're at the "money is less important than time" stage
Go Enterprise if:
- You have > 25,000 MAU anyway
- You need 99.99% SLA
- You want a dedicated account manager to yell at
The Alternative: Don't Upgrade
Here's my actual decision:
- Keep the free plan - 25,000 MAU is plenty for now
- Accept the ugly URL - Users see it for ~1 second during OAuth redirect
- Revisit when we need MFA - That's the real trigger, not vanity URLs
The dev-exjsxdx8c6qt3uhf.us.auth0.com domain is ugly, but it works. Users don't care. They're looking at their phone, waiting for the login to complete.
The Real Question
Before upgrading Auth0, ask yourself:
"Am I upgrading because I need the features, or because the free tier feels unprofessional?"
If it's the latter, save your money. Put it toward features your users actually see.
Why Not Self-Host?
"Just implement auth yourself" is advice I hear often. Here's why I'm staying with Auth0:
Auth0 handles:
- Password hashing (bcrypt/argon2)
- Password reset flows
- Email verification
- Brute force protection
- Account lockout
- Breach detection
- Compliance (SOC2, HIPAA options)
One auth mistake = security incident. Auth0's free tier is free insurance.
The value isn't the login page. It's not storing passwords in your database.
What's your auth setup? Self-hosted, Auth0, Clerk, something else? I'm curious what other indie hackers are using.
Building jo4.io - a URL shortener that definitely doesn't store your passwords.