Ory provides an open-source ecosystem of services that solve authentication and authorization. These services include Ory Kratos, an identity management server, and Ory Hydra, an OAuth 2.0 and OpenID Connect provider. Each service can work standalone, but you can also combine them to get the full feature set[^1^]. In a self-hosted environment, you can use Ory Hydra for OAuth 2.0 and OpenID Connect (OIDC) authentication. For example, in a GitLab integration, the first access of your GitLab instance will prompt you to change the root password. You should see an "Ory Hydra" Login-button. Clicking it will forward you to the hydra-consent-app, where you can log in. After that, you have to give consent to accessing your email address. Doing that should redirect you directly to your personal GitLab page. You have logged into GitLab via Ory Hydra[^4^]. On the other hand, Ory Kratos can be used for identity and account management[^2^]. It can be configured for multi-factor authentication, such as WebAuthn[^7^]. In terms of how they work together, Ory Hydra handles the OAuth 2.0 and OpenID Connect protocols, while Ory Kratos manages user identities. When a user tries to log in, they are redirected to the Ory Hydra consent app, where they can authenticate using their credentials managed by Ory Kratos. Once authenticated, Ory Hydra issues the appropriate tokens for the user to access the application[^1^]. [^1^]: (https://www.ory.sh/docs/ecosystem/projects) [^2^]: (https://www.ory.sh/docs/hydra/self-hosted/deploy-hydra-example#next-steps) [^4^]: (https://www.ory.sh/docs/hydra/self-hosted/gitlab#oauth2-login) [^7^]: (https://www.ory.sh/docs/kratos/self-hosted/mfa#webauthn)

To connect Ory Hydra and Ory Kratos in a self-hosted environment, you would typically follow these steps: 1. Deploy Ory Hydra: Follow the instructions in the [Ory Hydra documentation](https://www.ory.sh/docs/hydra/self-hosted/deploy-hydra-example#next-steps) to deploy Ory Hydra in your environment. This includes preparing for production, forking the Ory Hydra Node.js UI Reference or building a custom UI in the language of your choice. 2. Deploy Ory Kratos: Follow the instructions in the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/ory-kratos-intro) to deploy Ory Kratos in your environment. This includes setting up the identity and account management. 3. Integrate Ory Hydra and Ory Kratos: Once both services are deployed, you can integrate them. This typically involves configuring Ory Hydra to use Ory Kratos for user authentication. Unfortunately, the provided knowledge sources do not include specific instructions or code examples for this step. Please note that while both Ory Hydra and Ory Kratos can be self-hosted, Ory Kratos does not support multi-tenancy in a self-hosted setup[^3^]. For more detailed instructions and support, consider reaching out to the Ory team or checking their [support plans](https://www.ory.sh/support/) specifically tailored for self-hosting organizations[^4^]. [^3^]: (https://www.ory.sh/docs/kratos/guides/multi-tenancy-multitenant) [^4^]: (https://www.ory.sh/contact/)