OSS vs Cloud
Compare HelloJohn OSS (self-hosted) and HelloJohn Cloud. Understand the feature differences, pricing model, and which option is right for your project.
HelloJohn is available in two editions: OSS (open-source, self-hosted) and Cloud (managed service). Both use the same core auth engine. The difference is who operates it.
At a glance
| OSS (Self-Hosted) | Cloud | |
|---|---|---|
| Hosting | Your infrastructure | HelloJohn-managed |
| Price | Free (your infra costs) | Free tier + paid plans |
| Data ownership | 100% yours | Hosted by HelloJohn |
| Setup time | ~30 minutes with Docker | Instant |
| Multi-tenancy | Single tenant per instance | Unlimited tenants |
| Custom domains | ✅ Fully configurable | ✅ |
| SAML SSO | ❌ Not included | ✅ Enterprise |
| Audit log | ✅ 36 events | ✅ 36 events + Cloud dashboard |
| SLA | None (self-managed) | 99.9% uptime |
| Support | Community (GitHub) | Email + dedicated (paid plans) |
| Updates | Manual | Automatic |
| Source code | 100% open | Core is open-source |
HelloJohn OSS
The open-source edition is a single Go binary you run yourself.
Best for:
- Projects with strict data residency requirements
- Developers who want full control and zero vendor dependency
- Internal tools and private deployments
- Teams with the infrastructure to self-manage
What you get:
- Full auth server: login, registration, sessions, MFA, OAuth2, OIDC
- 7 SDKs (React, Next.js, Vue, Node.js, Python, Go, React Native, vanilla JS)
hjctlCLI for management- PostgreSQL, MySQL, and filesystem backends
- WebAuthn, TOTP, email, SMS MFA
- 9 social login providers
- Webhooks (36 audit events)
- MCP Server (AI agent control)
What you manage:
- Server infrastructure and uptime
- Database backups
- TLS certificates
- Version upgrades
HelloJohn Cloud
The managed edition runs on HelloJohn's infrastructure. You get the same auth engine without the operational overhead.
Best for:
- Startups and teams that want to ship fast
- B2B SaaS platforms that need multi-tenancy out of the box
- Projects that need enterprise features (SAML SSO, directory sync)
- Teams without dedicated infrastructure engineers
What you get (beyond OSS):
- Fully managed, auto-scaling infrastructure
- Web dashboard for tenant and user management
- Multi-tenant dashboard — manage all organizations in one place
- SAML SSO (Enterprise plan)
- Automatic version updates
- 99.9% uptime SLA
- Email and priority support
Pricing
OSS
Free forever. MIT-licensed. No usage limits, no telemetry by default.
Cloud
| Plan | Price | Included |
|---|---|---|
| Free | $0/mo | Up to 1,000 MAU |
| Starter | $25/mo | Up to 10,000 MAU |
| Pro | $99/mo | Up to 100,000 MAU + priority support |
| Enterprise | Custom | Unlimited MAU + SAML SSO + SLA + dedicated support |
MAU = Monthly Active Users (users who signed in at least once in the billing period).
Switching between OSS and Cloud is supported. Your user data can be migrated using hjctl migrate. See the migration guide →.
Feature parity
The core auth features are identical in both editions. Features that are Cloud-only are operational in nature (managed infra, dashboard UI) or enterprise-tier (SAML SSO):
| Feature | OSS | Cloud Free | Cloud Pro | Cloud Enterprise |
|---|---|---|---|---|
| Email/password auth | ✅ | ✅ | ✅ | ✅ |
| Social login (9 providers) | ✅ | ✅ | ✅ | ✅ |
| MFA (TOTP, WebAuthn, SMS) | ✅ | ✅ | ✅ | ✅ |
| Organizations | ✅ | ✅ | ✅ | ✅ |
| Custom claims & RBAC | ✅ | ✅ | ✅ | ✅ |
| Webhooks | ✅ | ✅ | ✅ | ✅ |
| MCP Server | ✅ | ✅ | ✅ | ✅ |
| Web dashboard | ❌ | ✅ | ✅ | ✅ |
| Multi-tenant dashboard | ❌ | ❌ | ✅ | ✅ |
| SAML SSO | ❌ | ❌ | ❌ | ✅ |
| Directory sync (SCIM) | ❌ | ❌ | ❌ | ✅ |
| Uptime SLA | ❌ | ❌ | ✅ | ✅ |
Next steps
How HelloJohn Works
A technical overview of HelloJohn's architecture — from login request to verified JWT. Understand the auth flow, token model, and tenant isolation.
Feature Matrix
Complete comparison of HelloJohn features across Free, Starter, Pro, and Enterprise plans, and between Cloud and Self-Hosted deployments.