User Authentication
Everything you need. Secure by default.
Simple and secure user authentication, ready to use out of the box.
SOC 2 Type 2
Your customer data is protected to the highest security and compliance standards.
HIPAA
Compliant with the Health Insurance Portability and Accountability Act, so you can safely store even the most sensitive user data.
Brute force detection
Clerk automatically detects and blocks brute force attacks.
Password leak protection
Configure custom password policies and automatically detect leaked passwords via HaveIBeenPwned.
Social SSO
Add high-conversion Social SSO to your application in seconds
When available, 53% of users choose to sign in with SSO instead of the alternatives.
Convert faster with SSO
SSO averages 1.3 times faster than passwords, and 5.2 times faster than magic links.
One-click integration
Clerk handles the edge cases of SSO. Users get instant access.
Pick your providers
Clerk supports a growing range of Social SSO providers. Need one not listed? Ask for it here.
Automatic Account Linking
If a user signs in with SSO after creating their account a different way, their accounts are automatically linked.
Multifactor authentication
MFA is the best way to prevent account takeovers
Stop 99.9% of account takeovers in their tracks.
SMS Passcodes
Verify users with a one-time code.
Authenticator apps (TOTP)
Verify identity with time-based one-time passwords.
Hardware keys
Let users authenticate with a physical hardware key.
Recovery codes
Ensure account access when other authentication methods are unavailable.
Passwordless
Convert your users to your product in seconds
Eliminate forgotten passwords and credential stuffing attacks.
Social SSO
Enable sign-in across platforms using an existing trusted social account.
Magic Links
Support passwordless sign-in via a secure link sent straight to the inbox.
Email-based OTP
Send users a one-time code to their inbox.
SMS-based OTP
Send users a one-time code to their phone.
Enterprise SSO
Easily implement Enterprise-grade tools like SAML and OpenID Connect
No more manual implementations. Set up a compliant SAML flow by filling out a form in the Clerk Dashboard.

Advanced security
Take the security burden off your shoulders
Security, privacy, and compliance are core to everything Clerk builds.
Pen tests & source code review
Clerk commissions third-party testing and assessment based on the OWASP Testing Guide, the OWASP Application Security Verification Standard, and the NIST Technical Guide to Information Security Testing and Assessment.
XSS leak protection
Cross-Site Scripting (XSS) vulnerabilities are a serious security risk. Clerk minimizes attack surface area using HttpOnly cookies for authenticated requests to our Frontend API, so credentials cannot be leaked during XSS attacks.
CSRF protection
Most Cross-Site Request Forgery (CSRF) attacks can be prevented by properly configuring how session tokens are stored. Clerk handles this automatically by setting cookies with the SameSite attribute.
Session fixation protection
Session fixation is a technique for hijacking a user session. Clerk protects against this by resetting the session token each time a user signs in or out, immediately invalidating the old token.
Password protection and rules
Clerk uses NIST guidelines to determine password character rules and contracts with Have I Been Pwned to review prospective passwords. Clerk also uses bcrypt, the industry-standard hashing algorithm, for storage.
Session leak protection
Rather than sharing cookies across subdomains, Clerk sets independent cookies for the main domain and subdomain, so that an attack on Clerk cannot be chained into an attack on your application.
Security, privacy, and compliance in one platform
SOC2 Type II
HIPAA
CCPA

Session management
Speed up your application with sub-millisecond authentication
Clerk manages the full session lifecycle — starting the session, authenticating requests while active, and terminating it upon expiration or revocation.
Don't let auth slow your critical path
Clerk's session architecture is purpose-built for performance and low latency across the globe. Skip the effort and complexity of building your own session management infrastructure.
Stop account takeovers in their tracks
Our team is continuously assessing and protecting against the latest threats. Never again compromise on critical features like session revocation because they take too long to build.
Multi-account, multi-device, multi-session by default
Most modern applications expect users to have separate accounts for business and personal use. Clerk's session management lets users sign into multiple accounts simultaneously and switch between them as needed.
Start now, no strings attached
Integrate complete user management in minutes. Free for your first 50,000 monthly retained users and 100 monthly retained orgs. No credit card required.

