Authr
← The Journal
Engineering·May 19, 2026·7 min

Scaling to 5 billion monthly authentications

TH
Tomás Herrera
VP of Engineering

In April we crossed 5 billion authentications in a calendar month for the first time. Four years ago that number was around 120 million. Forty-fold growth is the kind of milestone that reads as a victory lap, so let me be clear up front: this post is mostly about the things that nearly broke, because those are the parts worth reading.

Cells, not regions

The single most important decision we made was in late 2023, when we stopped thinking in regions and started thinking in cells. A cell is a fully independent slice of the platform: its own token signing hierarchy, its own session store, its own rate limiters, capped at a size where we have actually rehearsed losing it. Today we run 87 cells across 34 edge regions. No customer spans fewer than three cells, and no cell serves more than 2 percent of global traffic.

The discipline that matters is not the architecture diagram, it is the cap. Every time a cell approaches 70 percent of its rehearsed capacity, we split it. Splitting is boring by design: we have done it 61 times, and the last 40 required no human in the loop beyond an approval click.

The near-miss that changed our roadmap

In November 2025 a directory sync surge from a single customer, a merger integration pushing 900,000 SCIM operations in an hour, saturated the write path of a session store shard and pushed p99 token issuance in one cell from 38ms to 210ms. No SLA breach, no customer ticket, but our internal error budget for that cell burned 30 days of margin in 40 minutes. The postmortem produced admission control for bulk directory operations, which is why Directory Sync now negotiates a write budget with the target cell before a large sync begins.

# cell admission policy (excerpt)
admission:
  scim_bulk:
    max_concurrent_syncs: 4
    write_budget_per_min: 120000
    overflow: queue        # never shed, never block interactive auth
  interactive_auth:
    priority: guaranteed
    preempts: [scim_bulk, audit_backfill]

What 5.2 billion actually costs

Our contractual SLA is 99.999 percent. Trailing twelve-month actual is 99.9994 percent, which sounds like a rounding error until you translate it: across 5.2 billion monthly authentications, the difference between those two numbers is roughly 47,000 requests a month that we are contractually allowed to fail and choose not to. That margin is not free. It is 87 cells, three independent time sources, quarterly region evacuation drills, and an on-call rotation that treats a 1 percent error-budget burn as a page.

The next order of magnitude will not come from human logins. Agent-initiated authentication is already the fastest-growing traffic class on the platform, and its burst profile looks nothing like a Monday morning in Sydney. That is next year's post. This year, I am mostly relieved the pager stayed quiet through the milestone.

TH
Tomás Herrera
VP of Engineering, Authr

Writing from inside the identity layer since 2026. For the conversation this post starts, bring it to your next architecture review — or to ours.

More Engineering

Your security review will ask about identity. Have the good answer.

Talk to an identity architect about your stack, your compliance surface, and your migration path. Technical from the first call.

Enterprise only · No self-serve tier · Typical procurement to production: 6 weeks