Oso
Capability scores
- Authentication: 1.5
- SSO & Federation: 1.5
- Authorization: 4.4
- Lifecycle & Provisioning: 3.0
- MFA & Passwordless: 1.0
- Governance & Audit: 3.5
- Developer Experience: 4.3
- Deployment Flexibility: 3.5
- Pricing Transparency: 3.5
- Support & Ecosystem: 3.5
Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.
Overview
Oso provides application authorization, originally as the open-source Polar policy language and now centered on Oso Cloud, a managed service that blends roles, relationships (ReBAC), and attributes (ABAC) in one model. It targets developers who want to stop reinventing permission logic.
Capability deep-dive
Oso's strength is the breadth of its authorization model: Oso Cloud lets you express RBAC, ReBAC, and ABAC together, with list-filtering support so you can authorize queries, not just single checks. The developer ergonomics, docs, and migration guides are good. The notable shift is licensing: Oso pivoted from a freely embeddable open-source library toward the hosted Oso Cloud product, so the long-term open-source story is weaker than that of OpenFGA or Cerbos, and that matters for teams wanting vendor independence. As an authorization-only tool it does nothing on authentication, SSO, or MFA. Pricing for Oso Cloud is less transparent than that of the fully open competitors.
Pricing
Oso Cloud has a free developer tier, with paid plans scaling by usage and features. The legacy open-source library exists but is no longer the primary direction. Enterprise pricing is quote-based.
Bottom line
Pick Oso if you want a managed engine that unifies roles, relationships, and attributes and you are comfortable depending on the hosted product.