Fine-grained security for applications and APIs

Sea FloorLottieBubbleBubbleBubble
See a demo
Sea Floor

Easily add fine-grained, policy-based, real-time access control to your cloud applications and APIs.

Evolve your authorization model to support fine-grained access.

Never run out of room with your authorization model. Combine role and group information (RBAC), user or environmental attributes (ABAC), or relationships to resources (ReBAC) in access control policies.

allowed { input.user.department == "Sales" }
Use any user-centric attributes in your policies

Enforce in milliseconds, based on real-time data.

Deploy our authorizer as a sidecar or a microservice in your cloud, so your authorization calls complete in milliseconds.

Our authorizers cache all the data required to make access control decisions, and our control plane sends policy and data updates in real-time. As a result, authorization calls complete in milliseconds AND execute over fresh data.

Define and manage authz policies in one place.

Extract your authorization logic out of your application, and store and version it in a separate git repo, so both security and engineering teams can execute faster.

Build and tag your policies into immutable images, so you can sign them and verify the signatures, guaranteeing a secure software supply chain for policies.

Manage authorization policies from one place

Pick up where your identity provider leaves off.

IDPs authenticate users and manage their attributes, but they are NOT a proper authorization system.

Aserto integrates with your IDP and additional information sources, and makes it easy to add fine-grained access control based on user attributes, group membership, roles, and relationships to domain resources.

Aserto seamlessly integrates with IDPs

Enhance your security posture and simplify compliance.

Aserto collects and aggregates every authorization decision along with all of its inputs, so you have a complete audit trail, and can track an authorization to the policy version and data that was used.

Easily share these decision logs with your logging infrastructure by batch-loading them, or tapping into a stream.

Share fine-grained decision logs with your logging system

Integrates into your environment.

Connect your identity provider and directory as the source of truth for user information.

Use your source code repository and artifact registry to store and version policy code and policy images.

Stream or batch decision logs into your logging systems.

Aserto works with what you have

Works with your stack.

Wire up your application to the Aserto authorizer using any of our many language SDKs, middleware, or via our gRPC / REST APIs.

const { jwtAuthz } = require("express-jwt-aserto") const checkAuthz = jwtAuthz({ ... }) // ... app.get("/protectPath/:param", checkJwt, checkAuthz, async (req, res) => { ... } )
Node.js
Go
Python
ASP.Net
Ruby

Cloud-native authorization, built on an open foundation.

Our system is based on a modern, cloud-native, open-source foundation, which includes Topaz, Open Policy Agent (OPA), Policy CLI / Open Policy Registry, and Sigstore / Cosign.

Our directory is based on the Google Zanzibar system.

Topaz open-source cloud-native authorizer

Don't build undifferentiated plumbing

Reinventing the wheel

Authorization is complex

Evaluating policy against real-time user attributes with millisecond latency and 100% availability is a distributed systems problem. Most engineering teams can’t justify taking the time to fully solve it.

Requirements constantly evolve

Custom roles. Custom attributes. Integration with enterprise identity providers and directories. Decision logs. ISO 27001. As products move up-market, teams that build them can't keep up.

You could be building customer value

"I want to rewrite RBAC!" said no engineer, ever. Your team could be working on end-user features instead of undifferentiated heavy lifting.

Built by developers, for developers

David Kerber

VP of Technology

"Authorization involves really hard problems that I want experts to solve. We like to focus our internal engineering efforts on our customers and their problems. Aserto allows us to do just that, at a small fraction of the cost it would take to build and maintain it ourselves, not to mention the opportunity cost."

Mathias Biilmann Christensen

Co-founder & CEO, Netlify

"As millions of developers and businesses are adopting a Jamstack approach, most modern web applications involve multiple APIs and services. Aserto's promise of separating policies from code could radically simplify the implementation of authorization across the front-end UI and the larger world of back-end functions and endpoints."

Tom Preston-Werner

Co-founder, GitHub

"Building & managing an authorization/RBAC system is a huge pain, especially at enterprise scale. So stop! Aserto has a distributed, millisecond latency, 100% availability API for that. I'm excited to help as an angel investor!"

Our latest content and events
Five Common Authorization Patterns

Five common authorization patterns

In this post we share five common authorization patterns, starting from the simplest IDP-based RBAC, and culminating in a combination of group-based RBAC with fine-grained permissions and fine-grained resources. You can easily evolve from the simple models to the more sophisticated ones, by evolving the authorization policy using Topaz.


Read more on our Blog

Grapeville, Texas

Gartner IAM Summit 2023

March 20-23, 2023 in Grapevine, Texas

Learn more

Join the community
Lottie

Join our slack

Discuss authorization patterns, get answers, and engage with our community.

Aserto Logo

Sign up for our newsletter

Get the latest technology articles and company updates in your inbox.

Lottie

Let's talk about your access control challenges

Speak with an engineer