Fine-grained API authorization that scales
The "easy button" for consistent, externalized API authorization, enforced at your API Gateway.
Go from OpenAPI spec to gateway-enforced authorization in 5 minutes!
Lightning-fast, enforced at your API Gateway
No need to change your API code - simply call the authorizer from a request filter in your gateway, for lightning-fast authorization. Check out our quickstart!
Automated API onboarding
Automate the onboarding process for your APIs by consuming their OpenAPI definitions and automatically generating entitlements to services and endpoints. Follow our step-by-step guide!
Governance out of the box
Trivially answer questions like "which users have access to this API" and "which APIs does this user have access to", all from our graphical console, CLI, or APIs.
Effortless integration with your identity provider
Make authorization decisions based on the users and groups in your identity provider or directory. Native integrations with Okta, Entra (Azure AD), LDAP, AWS Cognito, Google Workspace, FusionAuth, SCIM, and more!
Customize your policies
Evolve your authorization model as requirements change. Aserto is plug-compatible with OPA, and natively supports RBAC, ABAC, or ReBAC. Start with the simplest model and seamlessly evolve to add custom attributes or API mappings when the time is right.
Open standards, open source
Aserto is based on the Topaz open source project, which uses the CNCF Open Policy Agent. Topaz implements the OpenID AuthZEN specification.
The "easy button" for API authorization
Just-in-time access
Turn access on or off with a simple UI change or API call. Provide "break-the-glass" emergency API access when necessary, and revoke it when the incident is resolved.
Self-serve entitlements
Give your API owners the ability to entitle users or groups to their APIs, at the service or endpoint level. Use our UI or create a custom experience that calls our API.
Externalized authorization policies
Decouple authorization logic from API code, so that it can evolve without touching the API. Externalized policies can also be treated like code, version controlled, tested, and signed.
Full audit trails
Automatically capture every access decision made, along with all of the inputs. Easily export these audit trails to your SIEM tools, or share them with auditors as proof of compliance.
Application security best practices
Zero trust and least privilege by nature. Aserto helps you implement best-in-class security standards with a fine-grained, real-time access control system that defaults to deny.
Trying to decide whether to build or buy?
Implementing API authorization at scale is deceptively hard. Open source projects like Topaz can help, and Aserto can help you scale and support a Topaz-based externalized authorization service for your APIs. Get the whitepaper to learn more!