Pricing

Per-tenant, no metering, no surprises

Predictable per-tenant pricing. No per-agent fees, no per-call metering, no overage charges. Pick the tier that fits your deployment; upgrade when you grow past it. Free OSS tier for everyone.

OSS / Community

Apache 2.0 gateway, extractor, SDKs, helm chart, and basic operator console. For developers, OSS adopters, and small deployments running their own authorization layer.

Free
forever
  • Four-check pipeline
  • Capability tokens + attenuation
  • Tamper-evident audit chain
  • Multi-tenant scoping
  • Webhook emitter + SIEM forwarders
  • Python + TypeScript SDKs
  • Helm chart + basic console
  • Community support (GitHub Issues)
View on GitHub

Pro

Everything in OSS plus the commercial operator console: SSO, RBAC, SCIM, TOTP step-up, JIT elevation, audit verify, audit export. For single-tenant enterprises that need an enterprise operations layer.

Contact
per tenant, annual
  • Everything in OSS
  • OIDC SSO (Okta, Entra, Auth0, etc.)
  • Viewer / operator / admin RBAC
  • SCIM 2.0 provisioning
  • TOTP step-up authentication
  • Slack / Teams / PagerDuty channels
  • JIT admin elevation lifecycle
  • /audit/verify dashboard
  • Audit export (CSV / NDJSON)
  • AI-assisted Rego authoring
  • Email support, 1 business day response
Start a pilot

Enterprise

Pro plus multi-tenant, SLA, Slack Connect, named CSM, roadmap input. For MSPs, platform teams running IntentGate across customer or business-unit boundaries, and regulated industries with contractual SLAs.

Contact
up to 5 tenants, annual
  • Everything in Pro
  • Up to 5 tenants (more available)
  • Contractual SLA
  • Slack Connect channel
  • Named customer success manager
  • Roadmap input
  • Quarterly business reviews
  • Compliance evidence pack templates
Contact sales

How we think about pricing

Per-tenant, not per-call. A tenant is one trust domain — one organization, one isolation boundary. We charge once per tenant. If you run a thousand agents on it, the price doesn't move. Per-call pricing creates a perverse incentive ("we're being charged more for using you, so we'll use you less") that we won't introduce on a security product.

No metered overage. If your deployment outgrows a tier's tenant cap, that's an upgrade conversation, not a surprise invoice. Conversations are renewals; surprises are churn.

OSS is genuinely useful. The Apache 2.0 components include the entire authorization control point. Small deployments run the OSS and never need to upgrade. We're fine with that — the Pro tier targets enterprise operations, not the small-team developer.

Pricing transparency. The reason "Contact" sits in the price tiles above and not a specific number is procurement: every first deal is a small negotiation around tenant count, support commitments, and pilot scope. We'll publish public price ranges as soon as the first three commercial agreements anchor them.

Need something we haven't listed?

Pro services (policy authoring, SIEM wiring, custom Rego), volume discounts past 5 tenants, on-prem support — we'll quote.

Talk to us