Tesseral

The open source platform for managing identity in business software

Winter 2024active2024•Website

Developer ToolsSaaSSecurityOpen SourceAPI

Disclaimer

FYI Combinator is not affiliated with Y Combinator. Reports are generated by AI Research Agents and may not be 100% accurate.

Documenso

Open source e-signing

The open source DocuSign alternative. Beautiful, modern, and built for developers.

Learn more →

Your Company Here

Sponsor slot available

Want to be listed as a sponsor? Reach thousands of founders and developers.

Report from 26 days ago

What do they actually do

Tesseral is an open‑source, cloud‑first identity service for B2B (multi‑tenant) apps. Teams can use the hosted console or self‑host the MIT‑licensed code from GitHub. It ships managed login pages and developer SDKs (e.g., Next.js) so apps can redirect to a hosted login and fetch the authenticated user in server/client code; it also supports enterprise SSO (SAML/OIDC), SCIM user provisioning, role‑based access control, user impersonation, audit logs, managed API keys, MFA/passkeys/TOTP, and webhooks (Quickstart/SDKs • Next.js SDK • SAML • SCIM • RBAC/impersonation • MFA • Managed API keys).

Typical use: a developer creates a project and keys in the Tesseral Console, installs the SDK/middleware to handle auth redirects, and configures SSO/SCIM and roles as needed; integrations and machine/agent access use scoped, rotating API keys with logging for traceability (Quickstart • Next.js SDK • SAML/SCIM • AI & machine identity). The hosted service is live with a free “Studio” tier for early use, and the full code and docs are public on GitHub (Pricing • GitHub repo • Docs).

Who are their target customer(s)

Early‑stage B2B SaaS founder or engineering lead: They’re spending time maintaining a homegrown auth system and worry about security gaps; they want a drop‑in, documented way to get secure auth working quickly (Quickstart/SDKs • GitHub).
Enterprise IT or identity admin at a customer company: They need reliable SSO and automatic user provisioning/deprovisioning across tools to reduce manual work and risk (SAML SSO • SCIM provisioning).
Support or customer‑success engineer at a B2B app: They must reproduce customer issues safely and keep a clear audit trail of any actions taken (RBAC & impersonation).
Platform/security engineer responsible for APIs and automation: They struggle to issue, scope, and rotate credentials for services and AI agents, and need detailed logging for investigations (Managed API keys • AI & machine identity).
Compliance/operations manager at a mid‑to‑large company: They require SLAs, white‑glove onboarding, deployment options, and protections before approving a vendor for core systems (Pricing / Enterprise features).

How would they acquire their first 10, 50, and 100 customers

First 10: Convert developers via the open‑source funnel: drive from GitHub and docs to the free Studio tier and quickstart, and recruit a few pilots from YC/launch press and founder networks for fast feedback and initial case studies (GitHub • Pricing • Quickstart • YC profile).
First 50: Scale developer demand with tutorials, examples, and SDK coverage; run targeted community campaigns and add a growth/SDR for focused outbound to small SaaS teams and integration partners (Next.js SDK • Docs).
First 100: Shift from freemium pilots to repeatable enterprise deals: add sales engineering and CS for white‑glove pilots, formalize enterprise packaging (SLA/custom deployments), and recruit implementation partners/marketplaces to grow inbound (Pricing / Enterprise).

What is the rough total addressable market

Top-down context:

Identity categories relevant to Tesseral—workforce IAM, CIAM, API security, and machine identity—collectively sum to tens of billions globally; a conservative, de‑duplicated view puts the opportunity roughly in the $30B–$45B range in the mid‑2020s (IAM • CIAM • API security • Machine identity).

Bottom-up calculation:

Using 2025 figures: IAM ≈ $26B + CIAM ≈ $14B + API security ≈ $1–1.5B + machine identity ≈ $3–4B yields ≈ $44–45B nominal; subtracting overlap between IAM and CIAM gives a conservative ≈ $30B–$45B combined TAM (MarketsandMarkets IAM • MarketsandMarkets CIAM • Fortune Business Insights • DataIntelo).

Assumptions:

Market sizes reference 2025 estimates from cited firms and reflect global spend.
IAM and CIAM overlap is material; de‑duplication is applied rather than summing categories outright.
Machine identity figures exclude broader PKI/secrets markets beyond identity management to stay conservative.

Who are some of their notable competitors

Keycloak: Open‑source, self‑hosted identity and access server with SAML/OIDC, LDAP/AD federation, RBAC, and admin tooling; powerful but you operate and extend it yourself.
Ory: Open‑source, modular identity stack (Kratos, Hydra, Keto) offered self‑hosted or managed; emphasizes developer control for human and machine/agent identities.
Auth0 / Okta: Commercial, hosted identity platform with broad SDKs and enterprise features (SSO, SCIM, orgs, auditing); optimized for managed service adoption over source availability.
WorkOS: Developer‑focused APIs for enterprise features (SAML/OIDC SSO, Directory Sync/SCIM, audit logs, admin portal) to make apps enterprise‑ready quickly without running identity servers.
FusionAuth: API‑first auth product available self‑hosted or in the cloud; supports SAML, SCIM, RBAC, and enterprise deployment/support options for teams wanting hosting control.