Fine-grained access control service

Add flexible, fine-grained, real-time authorization to your apps in minutes

See a demo

Model, manage, enforce

Aserto Directory models your users and resource graph

Model: Easily model your identities, attributes, and resources as a graph of objects and relationships with the Aserto directory. Mapping relationships between objects and policies enables flexible, real-time enforcement across the application. The directory is cached at the edge inside each Topaz authorizer enabling ~1ms access decisions.


Fast, scalable graph directory

Model users, groups, identities, attributes, and resources as a graph of objects & relationships.

Get started in minutes with native support for custom roles, groups, inherited permission, and management relations. Easily create custom objects, relations, and types based on your domain hierarchy in just a few clicks.

Aserto Graph Directory

Local Topaz authorizers

Deploy Topaz authorizers as sidecars or microservices, for real-time authorization, enforced in ~1ms with 100% availability.

Each Topaz authorizer evaluates Rego policies that can leverage a built-in relationship database, providing support for RBAC, ABAC, and ReBAC out-of-the-box.

Topaz open-source authorizer

Real-time enforcemnt

Authorize in ~1ms based on fresh data.

Aserto syncs changes to policy or authorization data with every Topaz authorizer in real-time, so you never authorize over stale data.

Enforce policy against real-time user attributes and resources

Central control plane

Centrally manage authorization across apps and services.

View all of your users, policies, authorizers, and relationships in one place. Automatically sync changes to any of these with Topaz authorizers in real-time to ensure you never authorize over stale data.

Aserto central control plane

Automated decision logs

Every authorization decision made is captured as a decision log.

The control plane automatically aggregates these logs for easy sharing with SIEM and logging systems. Use this information for anomaly detection, compliance, audits, and forensic analysis.

Automated authorization decision logs

High speed data fabric

We’ve built a high-speed data fabric to facilitate near-real time synchronization of authorization data from the control plane to all Topaz authorizers, and decision logs back from those authorizers to the control plane.

This is what enables Aserto to provide authorization decisions in milliseconds, based on fresh data.

Aserto high speed data fabric ensures real-time authorization

Policy-as-code workflow, with a secure software supply chain

Build, tag, push, and pull policies into immutable images that can be signed, verified, and tested.

Secure the software supply chain of policies with Open Policy Containers, a CNCF Sandbox project.

Manage policies as code with a docker-inspired workflow

Developer resources

APIs, SDKs, and quickstarts for popular languages and frameworks make it easy to integrate Aserto into your tech stack.

const { jwtAuthz } = require("@aserto/aserto-node") const checkAuthz = jwtAuthz({ ... }) // ... app.get("/protectPath/:param", checkJwt, checkAuthz, async (req, res) => { ... } )

End-to-end authorization service

Topaz authorizers

Topaz Authorizers

A simple hosted authorizer for dev/test, and a lightweight edge authorizer for production workloads

Aserto GraphQL Directory models relationships between users, objects, and relations.

Aserto GraphQL Directory

Powerful GraphQL directory for modeling relationships between your users, resources, and attributes.

control plane

Central management

A central control plane for managing access control policies for all your apps and services

github workflow


An automated GitOps workflow for building, testing, and deploying policy changes


Developer resources

APIs, SDKs, and quickstarts for popular languages and frameworks

OPA-based authorizers

OSS Authorizers based on OPA

Open source authorizer built on top of Topaz and Open Policy Agent

Native integrations with identity providers

IDP integrations

Native integrations with leading IDPs


Authorization as easy as an API call