Fine-grained access control service

Add flexible, fine-grained, real-time authorization to your apps in minutes

Model, manage, enforce

Aserto Directory models your users and resource graph

Model: Easily model your identities, attributes, and resources as a graph of objects and relationships with the Aserto directory. Mapping relationships between objects and policies enables flexible, real-time enforcement across the application. The directory is cached at the edge inside each Topaz authorizer enabling ~1ms access decisions.

Fast, scalable graph directory

Model users, groups, identities, attributes, and resources as a graph of objects & relationships.

Get started in minutes with native support for custom roles, groups, inherited permission, and management relations. Easily create custom objects, relations, and types based on your domain hierarchy in just a few clicks.

Local Topaz authorizers

Deploy Topaz authorizers as sidecars or microservices, for real-time authorization, enforced in ~1ms with 100% availability.

Each Topaz authorizer evaluates Rego policies that can leverage a built-in relationship database, providing support for RBAC, ABAC, and ReBAC out-of-the-box.

Real-time enforcement

Authorize in ~1ms based on fresh data.

Aserto syncs changes to policy or authorization data with every Topaz authorizer in real-time, so you never authorize over stale data.

Enforce policy against real-time user attributes and resources

Central control plane

Centrally manage authorization across apps and services.

View all of your users, policies, authorizers, and relationships in one place. Automatically sync changes to any of these with Topaz authorizers in real-time to ensure you never authorize over stale data.

Automated decision logs

Every authorization decision made is captured as a decision log.

The control plane automatically aggregates these logs for easy sharing with SIEM and logging systems. Use this information for anomaly detection, compliance, audits, and forensic analysis.

High speed data fabric

We’ve built a high-speed data fabric to facilitate near-real time synchronization of authorization data from the control plane to all Topaz authorizers, and decision logs back from those authorizers to the control plane.

This is what enables Aserto to provide authorization decisions in milliseconds, based on fresh data.

Aserto high speed data fabric ensures real-time authorization

Policy-as-code workflow, with a secure software supply chain

Build, tag, push, and pull policies into immutable images that can be signed, verified, and tested.

Secure the software supply chain of policies with Open Policy Containers, a CNCF Sandbox project.

Manage policies as code with a docker-inspired workflow

Developer resources

APIs, SDKs, and quickstarts for popular languages and frameworks make it easy to integrate Aserto into your tech stack.

const { jwtAuthz } = require("@aserto/aserto-node")
const checkAuthz = jwtAuthz({ ... })
// ...
app.get("/protectPath/:param", checkJwt, checkAuthz, 
  async (req, res) => { ... }
)