Market map / Authorization & policy
OpenFGA
CNCF open-source relationship-based authorization in the Google Zanzibar style, originated at Auth0.
- Category
- Open-source fine-grained authorization (ReBAC)
- Lane
- Authorization & policy
- Founded
- 2022 (project)
- Ownership
- Open source (CNCF); originated at Auth0/Okta
Summary
An open-source fine-grained authorization engine implementing Zanzibar-style relationship-based access control (ReBAC). Originated at Auth0 and donated to the CNCF, it models permissions as relationships and checks them at scale, and underpins Auth0/Okta FGA.
Best for
Teams that want an open, standards-aligned ReBAC engine to self-host or adopt via Auth0 FGA.
Consider if
You want a fully managed, commercially supported control plane out of the box.
Strengths
- Open source under CNCF governance
- Zanzibar-style ReBAC modeling
- Adoption behind Auth0/Okta FGA
Considerations
- Self-managed unless paired with a hosted offering
- Relationship modeling has a learning curve