Externalized authorization layer
Complete authorization management and administration
Distributed policy decision points. Policy enforcement points via SDK and ORM integrations.
Free forever
Run anywhere: on-premise or cloud
Access to:
Implement fine-grained authorization in your projects or startup applications
$0/month
Up to 100 monthly active principals*
Access to all open source features, plus
System-wide authorization management and auditing
From $25/month
Based on monthly active principals*
3 months free trial
Access to all features in START, plus
Enterprise
Support, training, and SLA for production-grade authorization at scale. Custom plans to suit your needs
Access to
✓ SSO support
✓ Custom training support
✓ Premium support SLA
✓ Phone support
✓ Quarterly training
"Principal" is a term for a user or service. For most applications, the terms "user" and "principal" are interchangeable because the application is only used by humans. However, Cerbos can also authorize other applications, services, bots or any other non-human identities which access your system.
For example, If your application has 3000 monthly active users and 15 monthly non-human identities, you’ll have 3015 monthly active principals.
Cerbos pricing is based on the number of Monthly Active Principals requiring authorization decisions.
Cerbos is currently available on AWS Marketplace.
Cerbos Hub runs in the cloud and manages the PDPs that are running in your environment.
Cerbos PDPs still run in your environment to guarantee security, fastest response time and highest SLA.
It is the number of unique principals that are authorized during one calendar month.
Yes. In order to make the switch, first you will have to start hosting your own policy files (here are the options) and then change your PDPs’ configuration to point at them.
Contact us if you require an SLA and a dedicated Cerbos team member will reach out. Otherwise, join our Slack community to receive community-based support.
Yes, you can cancel at any time.
Check out our full Terms of Service and Privacy Policy.
"It's weird to say an outside company has our back, but Cerbos does. It's the people. It's their open-source code: it's high quality, you can read it, it does what it says on the tin"
"It's a good feeling being able to say yes to almost any permissioning requirement." "Cerbos is small, contained and easy to implement. It 100% delivers on the promise of abstracting away the complexity of decision making."
"We're not worried about scaling because we can easily increase our load on Cerbos. It will also be easy for us to change how we're distributing policies as we reach different points of scale."
"We went from one user - every role, to a world where there are many users - many roles. And the product, it relies on Cerbos to actually bring the value that we want to bring to customers. All of our customers are relying on Cerbos, by relying on the product, which is of course relying on Cerbos."
"Instead of thinking of how much time Cerbos has saved us, I think about how much time it didn't cost us. It didn't cost us any time. Cerbos just works. I don't have to think about it. It's as simple as that."
"One of our big considerations was speed. We have strict latency tolerances. When it comes to Cerbos - you can call it a hundred times during a request and it doesn't matter. It's incredibly fast."
"If it wasn't for Cerbos, one thing is for sure - we would've launched later than we did. As a result, we would have less customers. And the maintenance part is also very important. Our technical team would be dealing with daily stuff regarding access controls, access logs. Now, we don't have to spend any time on that."
"Cerbos policy writing is quite flexible, and deploying as a unit microservice as well. Cerbos "doesn't get in the way" once integrated, that's the best part."
"It is easy to implement and provides a solution for a problem that is often not properly addressed."
"Having the separation of the permissions from the code base just makes the code base more elegant. It makes the permissioning more elegant. It means they're centralized, so they're not tied to specific endpoints. And ultimately it means that different business owners have the ability to actually make updates."
"Just discovered your embedded testing framework. This is probably the best balance between hyperfocused functionality and embedded tooling I've ever seen in an open source project. Damn, good work!"