This article is created by Logto, an open-source solution that helps developers implement secure auth in minutes instead of months.
2025 was the year Logto got a lot bigger:
- Logto Cloud grew ~10x in MRR year over year
- Identities in Logto Cloud grew from under 1M to 2M+
- Logto OSS gained 2,000+ GitHub stars
We also served more enterprise customers, kept SOC 2 Type II current, improved GDPR-related work, and shipped a lot across authentication and authorization.
More of our growth came from larger customers with stricter requirements around data residency and isolation, so we leaned heavily on Private Cloud there.
Private Cloud: why enterprises picked it
For enterprise teams, features are table stakes. The real decision is about the “boring” requirements: isolation, data residency, performance, security review, and reliability.
Logto Private Cloud exists for that:
- data residency options that match compliance requirements
- infrastructure-as-code and flexible cloud setup, making rollouts smooth and scalable
Example: for one European organization, we deployed two Private Cloud instances in about a week. Each is sized for 1,000+ RPS with headroom.
What we shipped
We aim to keep changes practical and aligned with OIDC and OAuth. A few highlights:
- more connectors to reduce integration time across common IdPs and ecosystems
- Logto as a SAML IdP for better compatibility with enterprise and legacy systems
- CAPTCHA and security policies to reduce abuse and automated attacks
- magic links for additional passwordless sign-in options and user invitation flows
- secret vault for federated token storage
- user profile collection for onboarding and progressive profile completion
Open source
Logto OSS gained 2,000+ stars in 2025, plus amazing community work like custom password hashing support and new connectors.
Open source is how most people find Logto, test it, and decide whether to trust it. We’re not changing that.
MCP and agent auth
We started MCP Auth work to support AI and agentic workflows. As more software becomes agent-driven, identity and authorization need to keep up. More on this in 2026.
Reliability: what changed for us
In 2025, we saw fewer incidents caused by regressions. Most issues came from upstream dependencies or cloud infrastructure.
That’s not an excuse to say it wasn’t on us. The biggest gap wasn’t the fix, it was speed and clarity of updates. We’re tightening that up.
2026 priorities
- reliability, incident communication, and operational maturity
- making Logto the default choice for modern multi-tenant SaaS where security and UX both matter
- pushing forward on MCP and agentic auth
If you’re building a SaaS or AI product and need modern auth that scales, Logto is built for it.
Top comments (0)