Start with Identity
Authorization

Oso

Founded 2018New York, NY, USAPrivate (Oso Security Inc.)Score 3.9/5Evaluated 2026-06-19Website ↗

Capability scores

Methodology →
Authentication
1.5
SSO & Federation
1.5
Authorization
4.4
Lifecycle & Provisioning
3.0
MFA & Passwordless
1.0
Governance & Audit
3.5
Developer Experience
4.3
Deployment Flexibility
3.5
Pricing Transparency
3.5
Support & Ecosystem
3.5

Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.

Overview

Oso provides application authorization, originally as the open-source Polar policy language and now centered on Oso Cloud, a managed service that blends roles, relationships (ReBAC), and attributes (ABAC) in one model. Founded in 2018, Oso Security Inc. is privately held. It targets developers who want to stop reinventing permission logic and instead model authorization once in a hosted engine. Unlike the policy-as-code tools Cerbos and Open Policy Agent or the pure Zanzibar engines OpenFGA and AuthZed, Oso's pitch is a unified model that spans all three approaches.

What it is good at

Breadth of the authorization model is the strength. Oso Cloud lets you express RBAC, ReBAC, and ABAC together rather than choosing one paradigm, and it supports list filtering so you can authorize queries (return only the rows a user can see), not just single yes/no checks. The developer ergonomics, documentation, and migration guides are good, and the hosted service removes the burden of operating an engine yourself.

Where it falls short

The notable shift is licensing: Oso pivoted from a freely embeddable open-source library toward the hosted Oso Cloud product, so the long-term open-source story is weaker than vendor-neutral options like OpenFGA or Cerbos. That matters for teams that prize independence and want to avoid depending on a single hosted vendor. As an authorization-only tool it does nothing for authentication, SSO, or MFA, and Oso Cloud pricing is less transparent than the fully open competitors.

Pricing

Oso Cloud has a free developer tier with paid plans scaling by usage and features; enterprise pricing is quote-based. The legacy open-source library still exists but is no longer the primary direction. Model your costs with the TCO calculator.

Best for, and who should look elsewhere

Choose Oso if you want a managed engine that unifies roles, relationships, and attributes and you are comfortable depending on the hosted product. If you require a fully open, vendor-independent engine, compare OpenFGA vs Cerbos and look at AuthZed. See the authorization guide.

Bottom line

Pick Oso if you want a managed engine that unifies roles, relationships, and attributes in one model and you are comfortable depending on the hosted Oso Cloud product.

By SWI Community Team · Last evaluated 2026-06-19

Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to community@startwithidentity.com.