Start with Identity
Authorization

Aserto

Founded 2020Seattle, Washington, USAPrivate (open source)Score 3.9/5Evaluated 2026-06-19Website ↗

Capability scores

Methodology →
Authentication
2.0
SSO & Federation
2.0
Authorization
4.5
Lifecycle & Provisioning
2.5
MFA & Passwordless
1.5
Governance & Audit
3.5
Developer Experience
4.5
Deployment Flexibility
4.0
Pricing Transparency
3.5
Support & Ecosystem
3.0

Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.

Overview

Aserto is a developer-focused authorization platform built on its open-source Topaz engine, which combines an OPA-style policy evaluator with a relationship-based directory. In practice it blends two models that other vendors keep separate: policy-as-code in the style of Open Policy Agent, and a relationship store in the style of Zanzibar engines like OpenFGA and AuthZed. Founded in 2020 and privately held, Aserto positions itself as a managed control plane (policy authoring, the directory, decision logs) on top of an open-source core you can also run yourself.

What it is good at

The hybrid model is the differentiator: you can express attribute and role rules as policy while storing the relationship data (ownership, group membership, hierarchy) that fine-grained checks need, without bolting two systems together. Topaz being open source matters for teams that want to avoid lock-in and run the decision engine locally as a sidecar for low latency. Developer ergonomics, SDKs, and decision logging are solid, and policies live in git so they are testable and reviewable.

Where it falls short

Aserto is a smaller vendor, so enterprise governance depth, ecosystem, and long-term roadmap certainty are lighter than the largest players. Teams that want a single, widely adopted open-source engine rather than a vendor-managed blend may prefer running OpenFGA or Cerbos directly. As an authorization-only tool it does nothing for authentication, SSO, or MFA.

Pricing

The open-source Topaz engine is free to self-host. The managed Aserto control plane and enterprise tiers are usage-based; check current published plans, and model your costs with the TCO calculator.

Best for, and who should look elsewhere

Choose Aserto if you want fine-grained authorization that blends policy and relationships on an open-source core with a managed control plane. If you need pure Zanzibar-style ReBAC at scale, compare OpenFGA vs AuthZed. If you want clean policy-as-code only, look at Cerbos. See the authorization guide for model selection.

Bottom line

A developer-friendly authorization option that uniquely blends OPA-style policy with relationship data, best for teams that want both models without operating two systems.

By SWI Community Team · Last evaluated 2026-06-19

Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to community@startwithidentity.com.