Start with Identity
Open-Source IAM

Hanko

Founded 2020Kiel, GermanyPrivate (open source)Score 3.9/5Evaluated 2026-06-19Website ↗

Capability scores

Methodology →
Authentication
4.5
SSO & Federation
4.5
Authorization
4.0
Lifecycle & Provisioning
3.5
MFA & Passwordless
5.0
Governance & Audit
3.0
Developer Experience
4.5
Deployment Flexibility
5.0
Pricing Transparency
5.0
Support & Ecosystem
3.0

Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.

Overview

Hanko is an open-source, passkey-first authentication project from Kiel, Germany, founded in 2020. It targets startups and product teams that want to adopt passwordless login built on FIDO2 and passkeys without standing up a heavy identity platform. Hanko is open core: the backend and components are open source and self-hostable, with a managed cloud tier available. For the underlying concepts, see passkeys 101 and what is passwordless.

What it is good at

Passwordless is the entire focus, and it shows. Hanko provides drop-in web components for passkey registration and login, a backend that implements FIDO2 and WebAuthn cleanly, and support for fallbacks such as email and passcodes during the migration away from passwords. The components are framework-agnostic and quick to integrate, and the open-source license plus self-hosting give full control over the auth layer and user data.

Where it falls short

Hanko is an authentication component, not a full identity platform. It does not aim to be an enterprise IdP, so broad legacy protocol coverage, SAML federation, advanced lifecycle provisioning, and deep governance are out of scope. The ecosystem and production references are still maturing. Teams needing full SSO and federation should look at Keycloak or Zitadel, and those wanting more application-side breadth at Better Auth.

Pricing

The core is free and open source, self-hostable at no license cost. Hanko offers a managed, usage-based cloud tier. Compare the options with the TCO calculator.

Best for, and who should look elsewhere

A strong fit for teams going passkey-first who want clean, open-source passwordless components without committing to a full platform. Look elsewhere if you need broad protocol coverage, enterprise SSO and federation, or deep governance and audit.

Bottom line

A focused, well-built open-source choice for passkey-first authentication, best when passwordless is the goal rather than a full identity platform.

More Open-Source IAM vendors

All Open-Source IAM

By SWI Community Team · Last evaluated 2026-06-19

Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to community@startwithidentity.com.