PropelAuth BYO is a self-hosted sidecar, written in Rust, that lets you add only the auth pieces you need, without replacing what already works. Run it in your cloud, keep full control of your data, and adopt features one at a time - SSO, SCIM, Session Management, Passkeys, and more.

Each feature is independently adoptable and designed to slot into your existing flows. No rip-and-replace required.

How does BYO Work?

PropelAuth BYO works alongside your current authentication system. With PropelAuth BYO, you get advanced features like Session Management and Passkey MFA without touching your existing authentication flow. You make requests to BYO like auth.sso.finishLogin({...}) and get back either the user’s data OR a detailed error. It is an incredibly flexible solution, and you can use it to augment your existing auth system or even replace it over time.

Integration is straightforward: just point BYO at your Postgres database (existing or new). PropelAuth BYO creates its own tables prefixed with pa_ to avoid conflicts.

By contrast, in a typical third-party auth setup, users interact directly with the provider for login and session management. User data lives with the auth provider, and you often use webhooks or other processes for syncing data to your database.

Note

The above diagram also shows how PropelAuth Cloud works.

Ready to get started with BYO? Check out our Installation guide.