Aserto
A fine-grained authorization service for applications and APIs.
Founded
2021
Core Engine
Open Policy Agent (OPA)
Deployment Model
Cloud, Self-Hosted
About Aserto
Aserto is a fine-grained authorization service designed for modern applications and APIs. It allows developers to manage permissions using a policy-as-code approach, leveraging the Open Policy Agent (OPA) engine for real-time evaluations. The platform includes a centralized control plane for managing policies, a directory for user and resource context, and SDKs for multiple programming languages like Go, Python, Java, and JavaScript. Aserto can be consumed as a cloud service or deployed self-hosted, offering flexible solutions for implementing role-based access control (RBAC) and attribute-based access control (ABAC) with low latency.
Core Features
Policy-As-Code
Manage authorization policies in code for versioning, auditing, and collaboration.
Fine-Grained Authorization
Implement attribute-based and relationship-based access control (ABAC/ReBAC).
Unified Directory
Centralize user profiles, attributes, roles, and resource hierarchies.
Decision Logs
Audit and debug every authorization decision made by the service.
Developer Toolkit
Language Sdks
Go, Python, Java, JavaScript, .NET, Ruby
Policy Authoring
Use Open Policy Agent's Rego language or a visual policy builder.
Integrations
Connects with identity providers, CI/CD pipelines, and data sources.