Meet updated Cerbos Hub
Complete authorization for your IAM stack
Enforce fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCPs, services and workloads.
Loved by engineers. Approved by leadership.
Engineers
Leadership
"Cerbos is plug and play. Developers can get Cerbos up and running in minutes. All the configuration there is fits in one nice little file. I can onboard a new developer onto Cerbos in an hour."
Steve High, Staff Engineer
Deploy new tenant policies in seconds
No code changes, redeploys, or downtime.
75% fewer authZ bugs and incidents
Built-in validation and testing.
One unified policy layer
Manage access across apps, APIs, workloads, MCP servers.
Zero custom logic to maintain
Define in policy, reuse across tenants and environments.
Built for enterprise
Manage human and machine auth at scale
Write, test, and iterate policies
Write and validate your policies
Define, validate, and test authorization rules in the collaborative policy Playground.
Programmatic policy management
NewCreate, update and manage policies using the Cerbos CLI or via API with our SDKs.
Flexible policy delivery
NewDeliver policies from from your existing Git provider, any CI/CD pipeline or directly from the Cerbos Hub interface.
Validate policy changes automatically
NewRun automated tests in Cerbos Hub’s CI pipeline before deploying to your Policy Decision Points (PDPs).
Deploy and manage
Package and deploy from any source
NewIntegrate policies from Git, CI pipelines, API changes, or CLI uploads.
Combine policies from multiple sources
NewCombine policies into a unified set of authorization rules and deploy your policies.
Keep policies up to date automatically
Automatically coordinate policy rollouts to all PDPs.
Sync policies across all environments
Keep policies in sync across on-prem, cloud, Kubernetes, and hybrid environments.
Authorize anywhere
Authorize on edge devices
Run authorization locally with precompiled libraries for edge and embedded systems.
Authorize in the browser
Run local authorization calls in React, Angular, and other front-end frameworks with WebAssembly.
Authorize in mobile apps
Use Android and React Native SDKs; iOS is coming soon.
Authorize backend services
Run Cerbos in your APIs & microservices and validate workloads.
Support serverless platforms
NewRun in Vercel, Netlify, AWS Lambda, Google Cloud Functions, and Azure Functions.
Log and audit every decision
Capture every decision for all identities
NewLog requests, actions, resources, access decisions, and service-to-service authorization calls.
Trace policy lineage
NewSee the exact policy, version, and release behind each access decision for full traceability.
Monitor with context
View detailed logs, policy versions, and real-time metrics across all PDPs and environments.
Simplify audits and compliance
Keep centralized, structured logs for complete visibility into human and non-human identity access actions.
Compliance-ready with every decision
Ensure audit readiness for SOC2, ISO 27001, HIPAA, PCI DSS, and GDPR.
SOC 2
HIPAA
PCI DSS
ISO 27001
GDPR
Your identity-first security
One hub for all authorization requirements
Per-tenant custom policies
Allow teams or end users to create tenant-specific custom roles programmatically, with testing, auditability, and governance built in.
Dynamic policies
Programmatically create and update policies from any business event - no custom pipelines or fragile sync logic.
Per-tenant custom policies
Allow teams or end users to create tenant-specific custom roles programmatically, with testing, auditability, and governance built in.
Dynamic policies
Programmatically create and update policies from any business event - no custom pipelines or fragile sync logic.
Authorization for non-human identities
Manage permissions for workloads, microservices, AI agents, and API clients with flexible, policy-driven authorization.
MCP server security
Dynamically control which AI agents can access specific MCP server tools with policy-based decisions, reducing security risks and simplifying audits.
AI systems and RAG data protection
Maintain data security and compliance with fine-grained authorization for your RAG and LLMs.
One engine, all authorization types, Zero Trust
Join our upcoming webinars to explore new use cases
Fits into your IAM infrastructure
Connect with your stack, at an instance
