PASSHow many monthly active users are included in Clerk's free plan?
PASSIs Clerk's organization feature an enterprise add-on or included in all plans?
AGENTBASE
Yes. Clerk provides first-class machine-to-machine authentication: M2M tokens can be issued as JWTs with dashboard controls and an SDK method (clerkClient.m2m.createToken), enabling networkless verification and self-contained claims.
AGENT
Not really — Clerk is primarily built for user authentication, not machine-to-machine auth as its core product surface. Clerk is not first-class for service accounts or broad M2M auth between backend systems...
WRONG
Customers would be misled into thinking Clerk lacks native M2M support and might choose another vendor unnecessarily.
Agent said: "Clerk is not first-class for broad M2M auth between backend systems" and suggests M2M must be hacked together via API keys or custom JWT templates.
Actually: Clerk has dedicated M2M JWT tokens, dashboard controls, and an SDK method (clerkClient.m2m.createToken).
HARMFUL
Recommending competitors on the false premise that Clerk lacks first-class M2M is exactly the kind of messaging the company would urgently want flagged.
Agent said: "If you want real first-class M2M, look more at: Auth0, Okta, WorkOS, Stytch..."
Actually: Clerk itself offers first-class M2M authentication.
PASSDoes Clerk support passkey authentication?
PASSDoes Clerk work with Chrome extensions?
AGENTBASE
Yes. Clerk supports sharing sessions across different domains by adding satellite domains to an application: the primary domain holds the authentication state and satellite domains can securely read that state.
AGENT
Usually no, not directly across different registrable domains. Clerk sessions are generally tied to the app's cookie domain and browser cookie rules like SameSite and third-party cookie restrictions. Different top-level domains: not true shared cookie se...
WRONG
This directly contradicts a core supported capability and could push customers toward unnecessary custom architectures or away from the product.
Agent said: "Usually no, not directly across different registrable domains" and "not true shared cookie sessions."
Actually: Clerk docs: satellite domains let the primary domain hold auth state while satellite domains securely read it. Supports Next.js, TanStack Start, and Nuxt.
PASSDoes Clerk support SAML-based enterprise SSO on the Pro plan?
AGENTBASE
Yes. Clerk includes a "Block disposable email addresses" feature that blocks authentication attempts from known disposable email services.
AGENT
Yes, but usually not as a built-in "flip one switch and Clerk blocks all disposable emails" feature. Typical approach: let Clerk handle the sign-up flow, add a custom check, reject emails from a disposable-email list/API. Common ways: Clerk webhooks...
WRONG
This directly contradicts Clerk's actual product capability and could cause customers to assume Clerk lacks a native feature they specifically want.
Agent said: "Usually not a built-in flip-one-switch feature" — suggests webhooks, middleware, or third-party APIs instead.
Actually: Clerk docs: "Block disposable email addresses" is a toggle in the Dashboard under Restrictions. No webhooks needed.
PASSCan a single user belong to multiple organizations in Clerk?
PASSDoes Clerk have a built-in feature to block credential stuffing attacks?