ToolPick
Auth Identity

Clerk vs Auth0 vs Supabase Auth (2026): Pricing at Scale

We priced Clerk, Auth0, and Supabase Auth against their official 2026 pages: free tiers, cost per MAU at 10K/100K/1M users, SSO, lock-in, and who wins.

/14 min read
Head-to-head comparison

Decision Brief

What to do with this research

100Decision-ready

Supabase Auth is the cheapest by a wide margin at every scale and the easiest to leave; Clerk gives React and Next.js teams the fastest, cleanest developer experience plus strong mid-market B2B org tooling; Auth0 has the deepest enterprise identity feature set and charges accordingly. Most new consumer apps should start on Clerk's or Supabase's free tier and reach for Auth0 only when compliance or genuinely complex identity forces it.

Best forbuyers checking whether a plan still fits their team size and monthly budget
ClusterSaaS Pricing Checks
FreshnessChecked within 30 days
Depth2,725 words / 12 sections
Sources6 official sources checked
Watch this decision

SaaS Pricing Checks changes

Get a practical ToolPick alert when pricing, free-plan limits, policy risk, or alternatives change.

Weekly at most · one-click unsubscribe

Quick AnswerSupabase Auth = cheapest & lowest lock-in; Clerk = best DX; Auth0 = enterprise depth

Supabase Auth is the cheapest by a wide margin at every scale and the easiest to leave; Clerk gives React and Next.js teams the fastest, cleanest developer experience plus strong mid-market B2B org tooling; Auth0 has the deepest enterprise identity feature set and charges accordingly. Most new consumer apps should start on Clerk's or Supabase's free tier and reach for Auth0 only when compliance or genuinely complex identity forces it.

  • Supabase Pro includes 100,000 MAU for $25/mo, then just $0.00325/MAU — roughly 5-20x cheaper than rivals at scale
  • Clerk bills retained users, not raw signups: someone who never returns after the first 24 hours is free
  • Auth0's free tier is a generous 25,000 MAU, but moving to paid B2C Essentials drops your included users to 500
  • All three are free for small apps (Clerk 50K MRU, Auth0 25K MAU, Supabase 50K MAU) — don't migrate for a price problem you don't have yet

Keep reading for the full analysis.

Answer first, then compare

Where this decision goes next

Skip the scroll: the pages most readers open after this one.

AI-Powered Cybersecurity for SaaS ApplicationsRead the next related article.

Why this comparison comes down to cost per user

Authentication is one of the few line items on your bill that grows in lockstep with how well you're doing. Every new signup is potentially a monthly-active user (MAU) you pay for, so a plan that feels free at 5,000 users can quietly turn into a five-figure invoice at 500,000. That's the whole reason auth migrations happen.

So this piece leads with the number that actually decides most of those migrations: what each provider costs per user as you grow. Developer experience, enterprise features, and how hard it is to leave all matter too, and they get their own sections below. But cost per MAU is the axis that produces 10x swings, and it's where Clerk, Auth0, and Supabase Auth diverge most sharply.

Every price below was checked against the vendors' own pricing pages on 2026-07-11. Pricing moves — re-open the linked pages before you commit a budget to any of these.

The Verdict

Your situationPickWhy
Solo or side project, under 50K usersClerk or Supabase (both free)Clerk free to 50K retained users; Supabase free to 50K MAU
Next.js/React app, want auth done in an afternoonClerkBest prebuilt components and DX by a distance
Already building on Supabase PostgresSupabase AuthBundled in the $25 Pro plan, native to RLS
Cost-sensitive B2C at 100K–1M+ MAUSupabase Auth~$0.00325/MAU, far below either rival
B2B SaaS needing org management + per-tenant SSOClerk (mid-market) or Auth0 (enterprise)Clerk's orgs cost less; Auth0's SSO is more battle-tested
Regulated, heavy compliance, complex identityAuth0Deepest protocol support, Okta-backed compliance
Want minimal lock-in or the option to self-hostSupabase AuthOpen-source GoTrue (Apache 2.0), self-hostable
Need SAML/OIDC connections on a tight budgetSupabase or Clerk add-onAuth0 puts real enterprise use on pricier tiers

Per-scenario single picks:

  • Fastest to ship on React/Next.js: Clerk.
  • Cheapest above the free tier, at any scale: Supabase Auth.
  • Most enterprise-ready out of the box: Auth0.
  • Lowest lock-in: Supabase Auth (open source).
  • Best B2B org and SSO value for mid-market: Clerk.
  • Already comfortably inside a free tier? Stay there. Don't over-engineer this.

Three billing models that behave nothing alike

All three hand you a generous free tier, which is exactly why the decision almost never bites at launch. It bites at scale. And the reason it bites so unevenly is that the three meters count fundamentally different things.

Clerk bills Monthly Retained Users (MRU), not raw MAU. Per clerk.com/pricing, a signup only becomes billable once that person returns "to your app at least 24 hours after signing up." The first day is always free, and anyone who signs up and never comes back is never charged. For consumer apps with a lot of one-and-done signup traffic, that can shave a meaningful slice off the billable count compared with a raw MAU meter.

Auth0 bills straight MAU, on published plan tiers, with the steepest per-user economics of the three once you outgrow the free plan.

Supabase also bills MAU — but with by far the lowest per-user rate and the largest included allotments, so the meter barely registers until you're well into the hundreds of thousands.

Because Clerk counts retained users while the other two count active ones, the tables that follow are directionally comparable rather than perfectly apples-to-apples. Wherever I model Clerk at "100K users," the real Clerk invoice usually lands lower, because a chunk of those signups never return.

Head-to-head pricing (verified 2026-07-11)

ClerkAuth0Supabase Auth
Free tier50,000 MRU/app25,000 MAU50,000 MAU
Entry paid planPro — $25/mo ($20 annual)B2C Essentials — $35/mo (500 MAU)Pro — $25/mo
Included on entry plan50,000 MRU500 MAU100,000 MAU
Per-user overage$0.02 (50K–100K), $0.018 (100K–1M), $0.015 (1M–10M), $0.012 (10M+)~$0.07/MAU (third-party est.)$0.00325/MAU
Mid tierBusiness — $300/mo ($250 annual)B2C Professional — $240/mo (from 500 MAU)Team — $599/mo
Enterprise SSO (SAML/OIDC)1 on Pro; +$75/mo each (2–15)1 + SCIM on Free; real use on paid tiers50 included on Pro/Team, then $0.015/MAU
B2B/org add-on+$100/mo ($85 annual)Separate B2B plans from $150/mo (Pro $800/mo)App logic; SAML add-on above
MFAIncluded (Pro/Business)Pro MFA (Essentials) / Enterprise MFA (Professional)Basic included; phone MFA $75/mo + $10/project
Open source / self-hostNoNoYes (GoTrue, Apache 2.0)
Billing unitRetained users (MRU)Active users (MAU)Active users (MAU)

Sources: clerk.com/pricing, auth0.com/pricing, supabase.com/pricing. One caveat on the Auth0 column: its page lists discrete MAU tiers (B2C runs up to 50,000, with Professional showing set prices to 20,000 before it switches to "contact us") and does not print a per-MAU overage rate. The ~$0.07/MAU figure I use to model six- and seven-figure scale comes from third-party analysis at ssojet.com and costbench.com, so treat the largest Auth0 estimates below as directional.

What the same app costs at three sizes

These are modeled from published rates. Clerk figures assume the worst case — every user retained — so real bills usually run lower. Auth0 figures beyond its published tiers (B2C tops out at 50,000 MAU) lean on the third-party $0.07/MAU overage and are directional, since Auth0 pushes large B2C volumes into custom enterprise quotes.

At ~10,000 users

  • Clerk: $0 on Free, comfortably under the 50K MRU line. $25/mo if you want Pro features.
  • Auth0: $0 on Free if free-tier features are enough for you. Paid B2C Essentials at 10K MAU runs $700/mo, and Professional at the same 10K is $1,600/mo (auth0.com/pricing).
  • Supabase: $0 on Free under 50K MAU, or $25/mo for Pro.

At ~100,000 users

  • Clerk: Pro $25 + (100,000 − 50,000) × $0.02 = ~$1,025/mo worst case. The MRU meter typically lands it lower.
  • Auth0: Past every published tier. At the $0.07/MAU overage, roughly $6,000–$7,000+/mo before any enterprise discount — realistically a "contact sales" conversation, not a self-serve number.
  • Supabase: Pro already includes 100,000 MAU, so $25/mo right at 100K, then $0.00325/MAU above that (supabase.com/pricing).

At ~1,000,000 users

  • Clerk: $25 + (50K × $0.02) + (900K × $0.018) = ~$17,225/mo worst case.
  • Auth0: Around $70,000/mo at list — a figure nobody actually pays, because at this scale it's a negotiated enterprise contract. The direction is the point: comfortably the most expensive.
  • Supabase: Pro $25 + (900,000 × $0.00325) = ~$2,950/mo (Team plan lands near $3,524/mo with its higher base).

The ranking holds at every step, and the gap only widens with each order of magnitude: Supabase is cheapest, Clerk sits in the middle, Auth0 sits well above both.

The Auth0 "upgrade penalty" worth understanding before you sign up

Auth0's free tier gives you 25,000 MAU — raised from 7,500 back in September 2024, per Auth0's own announcement. Generous, until the day you need one paid feature. The moment you move to B2C Essentials, your included MAU drops from 25,000 to 500 (auth0.com/pricing). You start paying $35/mo and get 50x fewer included users, because the paid tiers are priced around feature access, not around how many users they hand you.

That cliff is why founders describe Auth0 as a "growth penalty" (securityboulevard.com). The lurch from free to paid — and again from Essentials to Professional — is where the invoice jumps. The overage rate reportedly climbed to about $0.07/MAU, roughly triple the pre-2023 rate of $0.023 (ssojet.com). None of this makes Auth0 a bad product; it's still the most capable identity platform in this comparison. It just means you pay for that capability whether or not you use all of it.

Developer experience

Clerk is the clear DX leader for the React and Next.js world. Drop in <SignIn />, <UserButton />, and <OrganizationSwitcher />, and you have a polished, themeable auth flow — multi-tenant organizations included — running the same afternoon you started. Hooks like useUser() and useAuth() make session state a non-event. If you're on the Next.js App Router and you want auth to simply stop being something you think about, Clerk is hard to beat. The catch is that the convenience is Clerk-shaped: those components and the hosted user store are the product, and they're exactly what you'd have to unwind if you ever left.

Supabase Auth shines when you're already on Supabase. Its real trick is that JWT claims from Auth are readable inside Postgres Row-Level Security policies through auth.uid(), so your authorization logic can live in the database instead of a separate service (supabase.com/docs). For data-heavy apps already leaning on Supabase's Postgres, that folds two layers into one. The supabase-js client and the prebuilt Auth UI are solid — a little less glossy than Clerk's components, but perfectly capable. Step outside the Supabase ecosystem, though, and the pitch weakens; at that point you're adopting a whole database just to get its auth.

Auth0 is the most configurable and, unavoidably, the most complex. Actions (formerly Rules and Hooks) let you run custom logic inside the auth pipeline; custom database connections let you authenticate against a legacy user store; it speaks OIDC, SAML, and WS-Fed fluently. All that power comes with a learning curve, and small teams have a habit of over-configuring it. Auth0 is what you reach for when your identity requirements are genuinely complicated — not when speed is the goal.

Enterprise features

Selling into enterprises means a familiar checklist: SSO (SAML/OIDC), SCIM provisioning, MFA, RBAC, audit logs, and the compliance certifications procurement will ask about.

Auth0, owned by Okta, goes deepest. It has the widest protocol support, mature attack protection, enterprise-grade MFA, fine-grained authorization, and the compliance posture large buyers expect to see. Its free tier even bundles 1 enterprise connection plus SCIM (auth0.com/pricing) — but production enterprise use lands you on tiers that open at $150/mo for B2B Essentials and climb quickly from there (B2B Professional starts at $800/mo).

Clerk has closed a lot of that gap for the mid-market. Organizations, roles, and per-org SSO are all first-class. The B2B Authentication add-on is $100/mo, with enterprise SAML/OIDC connections at $75/mo each (clerk.com/pricing) — materially cheaper than Auth0's B2B plans for teams that don't need Auth0's full extensibility.

Supabase Auth supports SAML SSO on Pro and Team (50 connections included, then $0.015/MAU) and offers phone-based MFA as a paid add-on (supabase.com/pricing). What it doesn't give you is turnkey org management and enterprise-connection tooling on the level of the other two. You'll be building more of the multi-tenant scaffolding yourself.

Lock-in and migration

Supabase Auth has the lowest lock-in of the three, and it isn't close. The auth server, GoTrue, is Apache 2.0 licensed and self-hostable, and Supabase deliberately keeps the door open with pg_dump and ordinary Postgres tooling (supabase.com/docs). If the managed price ever stops adding up, self-hosting is a genuine exit rather than a theoretical one. The wrinkle: the very RLS integration that makes Supabase Auth special is also a form of coupling. Your database policies lean on the auth schema and auth.uid(), so moving off means rebuilding your authorization layer. The classic post-migration failures — a missing auth.uid() function, mismatched JWT secrets, an omitted auth schema — all trace straight back to that dependency.

Auth0 keeps protocol lock-in low by being standards-based (OIDC and SAML), which makes your relying-party integrations portable. Actions, Rules, custom database scripts, and the hosted user store are where the real switching cost hides. Bulk user export works, and password hashes can be exported (usually via a support request), so a migration is feasible — it's just labor. And Okta's ownership gives Auth0 pricing leverage you tend to feel most at renewal.

Clerk keeps your users exportable, password hashes included, and issues standard JWTs, so sessions aren't a black box you can't reason about. Its lock-in sits at the UI layer: the prebuilt components and hooks that make Clerk quick to adopt are precisely the pieces you'd rewrite on the way out. For plenty of teams that's a fair trade — just budget for it honestly.

Whichever way you go, the expensive parts of switching auth are the same and rarely the bill itself: re-enrolling MFA (TOTP secrets generally don't transfer), reconfiguring social and enterprise connections, matching JWT secrets so you don't mass-invalidate every live session, and planning a cutover that doesn't lock real users out mid-flight.

When to stay put

Sometimes the right call is not switching at all. A few situations where I'd leave things where they are:

  • You're still inside a free tier. Clerk (50K MRU), Auth0 (25K MAU), and Supabase (50K MAU) all cost nothing at small scale. Don't run a migration to solve a pricing problem you don't have yet.
  • You're mid-contract on Auth0 enterprise. List overage can look brutal, but enterprise deals are negotiated. Renegotiate or right-size your tier before you rip out a working identity provider — a migration project can easily cost more than a year of the overage you're trying to dodge.
  • Your authorization lives in Postgres RLS on Supabase. Leaving means rebuilding authz, not just re-pointing an SDK. That's a large, risky project. Stay unless the reason to move is existential.
  • Clerk's DX is why your small team ships fast. If two engineers are moving quickly because auth is simply not a problem they think about, a $25–$300/mo Clerk bill is cheaper than the engineering hours a "cheaper" self-managed setup would eat. Cost per MAU only wins the argument once MAU is genuinely large.
  • You need one specific thing only Auth0 has — a particular protocol, authorization at Auth0's depth, a specific compliance attestation. Real feature necessity beats price every time. Just confirm the requirement is real before you pay the premium for it.

Bottom line

Here's the honest summary. Supabase Auth wins on price and on lock-in, Clerk wins on developer experience and mid-market B2B value, and Auth0 wins on enterprise depth — and prices itself to match. Your job is to figure out which of those axes actually constrains you, then pick for that one.

For most new consumer apps that expect to scale, starting on Supabase Auth or Clerk's free tier is the right move, with Supabase the safer long-run bet if cost is what keeps you up at night. For B2B SaaS, Clerk covers the mid-market cleanly and Auth0 covers the enterprise ceiling. Reach for Auth0 when identity complexity or compliance — not habit, and not brand familiarity — is what makes it necessary.

Sources

  • clerk.com/pricing — Clerk free tier (50K MRU), Pro $25/mo ($20 annual), Business $300/mo ($250 annual), MRU definition, graduated overage bands, B2B add-on $100/mo, enterprise connections $75/mo each, satellite domains $10/mo, MFA inclusion (fetched 2026-07-11)
  • auth0.com/pricing — Auth0 free 25K MAU, B2C Essentials $35/mo (500 MAU), B2C Professional $240/mo, tier prices at 10K MAU ($700 Essentials / $1,600 Professional), published B2C tiers to 50K, B2B Essentials $150/mo and Professional $800/mo, free-tier enterprise connection + SCIM, MFA tiers (fetched 2026-07-11)
  • supabase.com/pricing — Supabase Free 50K MAU, Pro $25/mo with 100K MAU + $0.00325/MAU, Team $599/mo, SAML 50 included then $0.015/MAU, phone MFA $75/mo + $10/project (fetched 2026-07-11)
  • auth0.com/blog/auth0-plans-got-an-upgrade — Auth0 free tier raised from 7,500 to 25,000 MAU, announced September 24, 2024 (verified 2026-07-11)
  • ssojet.com/blog/auth0-pricing-growth-penalty — Auth0 ~$0.07/MAU overage (up from ~$0.023 pre-2023), "growth penalty" framing (verified 2026-07-11)
  • securityboulevard.com — Auth0 overage escalation analysis (verified 2026-07-11)
  • costbench.com — Auth0 — third-party Auth0 tier and overage cross-check (verified 2026-07-11)
  • supabase.com/docs — self-hosting Auth and Supabase architecture — GoTrue Apache 2.0, self-hosting, RLS/auth.uid() integration and migration caveats (verified 2026-07-11)

A note on the Auth0 figures: at 10,000 MAU the $700 (Essentials) and $1,600 (Professional) prices come straight from the official page. Estimates at 100,000 and 1,000,000 MAU are directional, built on the third-party $0.07/MAU overage, because Auth0's published B2C tiers stop at 50,000 MAU and route larger volumes to custom enterprise quotes.

📬 Get the Weekly SaaS Digest

New tool reviews, pricing-change alerts, and stack cost tips — one email a week, one-click unsubscribe. No spam, no fake urgency.

Continue the research

Turn this article into a decision path

Every ToolPick article should lead to a second useful page: another article, a hub, or a calculator action.

AI-Powered Cybersecurity for SaaS ApplicationsRead the next related article.

Related Articles