Aserto
Capability scores
Methodology →- Authentication
- 2.0
- SSO & Federation
- 2.0
- Authorization
- 4.5
- Lifecycle & Provisioning
- 2.5
- MFA & Passwordless
- 1.5
- Governance & Audit
- 3.5
- Developer Experience
- 4.5
- Deployment Flexibility
- 4.0
- Pricing Transparency
- 3.5
- Support & Ecosystem
- 3.0
Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.
Overview
Aserto is a developer-focused authorization platform built on its open-source Topaz engine, which combines an OPA-style policy evaluator with a relationship-based directory. In practice it blends two models that other vendors keep separate: policy-as-code in the style of Open Policy Agent, and a relationship store in the style of Zanzibar engines like OpenFGA and AuthZed. Founded in 2020 and privately held, Aserto positions itself as a managed control plane (policy authoring, the directory, decision logs) on top of an open-source core you can also run yourself.
What it is good at
The hybrid model is the differentiator: you can express attribute and role rules as policy while storing the relationship data (ownership, group membership, hierarchy) that fine-grained checks need, without bolting two systems together. Topaz being open source matters for teams that want to avoid lock-in and run the decision engine locally as a sidecar for low latency. Developer ergonomics, SDKs, and decision logging are solid, and policies live in git so they are testable and reviewable.
Where it falls short
Aserto is a smaller vendor, so enterprise governance depth, ecosystem, and long-term roadmap certainty are lighter than the largest players. Teams that want a single, widely adopted open-source engine rather than a vendor-managed blend may prefer running OpenFGA or Cerbos directly. As an authorization-only tool it does nothing for authentication, SSO, or MFA.
Pricing
The open-source Topaz engine is free to self-host. The managed Aserto control plane and enterprise tiers are usage-based; check current published plans, and model your costs with the TCO calculator.
Best for, and who should look elsewhere
Choose Aserto if you want fine-grained authorization that blends policy and relationships on an open-source core with a managed control plane. If you need pure Zanzibar-style ReBAC at scale, compare OpenFGA vs AuthZed. If you want clean policy-as-code only, look at Cerbos. See the authorization guide for model selection.
Bottom line
A developer-friendly authorization option that uniquely blends OPA-style policy with relationship data, best for teams that want both models without operating two systems.
More Authorization vendors
All Authorization →- AuthZed4.3/5
- Styra / Open Policy Agent4.3/5
- OpenFGA4.2/5
- AWS Verified Permissions4.1/5
- Warrant (WorkOS)4.1/5
By SWI Community Team · Last evaluated 2026-06-19
Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to community@startwithidentity.com.