Alternatives to Permify
Compare Permify alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Permify in 2026. Compare features, ratings, user reviews, pricing, and more from Permify competitors and alternatives in order to make an informed decision for your business.
-
1
Frontegg
Frontegg
Frontegg is a Customer Identity and Access Management (CIAM) platform that simplifies authentication, authorization, and user management for SaaS companies. It enables developers to implement advanced identity features quickly, then shift ongoing administration to other teams. With Frontegg, Product, Infosec, and Customer Success teams can take control of key identity tasks like managing user roles, enforcing security policies, and handling customer requests, all without engineering support. Developers reduce toil and regain focus on core product work, while stakeholders move faster without bottlenecks. Frontegg supports modern identity features including SSO, MFA, role-based access control, entitlements, multi-tenancy, and audit logs. Its low-code platform integrates in days and provides a user-friendly admin portal that bridges technical and non-technical teams. Frontegg increases operational efficiency, improves security posture, and enhances the customer experience. -
2
Auth0
Okta
Auth0 takes a modern approach to Identity, providing secure access to any application, for any user. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. Auth0 is part of Okta, The World’s Identity Company™. Auth0 lets you quickly integrate authentication and authorization for web, mobile, and legacy applications, with new Fine Grained Authorization (FGA) that goes beyond role-based access control. Authenticate users across all applications with a customized, secure, and standards-based single login. Universal Login connects users to a central authorization server. Credentials aren’t transferred across sources, which boosts security and protects against phishing and credential stuffing attacks. OAuth 2.0 recommends that only external user agents (like the browser) be used by native applications for authentication flows. Auth0’s Universal Login achieves this while enabling SSO. -
3
Kinde
Kinde
Authentication happens at some of the most important, and highly impactful, places in your customers' journey. Take control of user authorization with a passwordless authentication, social integrations, and enterprise SSO. Support the branding of all your customers with custom domains and a fully customisable UI by bringing your own pages and designs. Integrate with complex requirements and run your own code during authentication using our powerful workflows. Organise all your business customers using organizations to easily segergate them and fine tune the authentication experience to their individual needs. Monetize your ideas quickly with Kinde's billing tools. Create subscription plans and collect revenue effortlessly. Kinde adapts to your business model, supporting B2C, B2B, and B2B2C with robust organization management and flexible billing logic that scales with your customers.Starting Price: Free -
4
SolarWinds Access Rights Manager
SolarWinds
SolarWinds® Access Rights Manager is designed to assist IT & security administrators in quickly & easily provisioning, deprovisioning, managing, & auditing user access rights to systems, data, & files, so they can help protect their organizations from the potential risks of data loss and breaches. By analyzing user authorizations & access permissions, you get visualization of who has access to what, and when they accessed it. Customized reports can be generated to help demonstrate compliance with many regulatory requirements. Provision & deprovision users via role-specific templates to help assure conformity of access privilege delegation, in alignment with security policies. -
5
Casbin
Casbin
Casbin is an open-source authorization library that supports various access control models, including Access Control Lists (ACL), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). It is implemented in multiple programming languages such as Golang, Java, C/C++, Node.js, JavaScript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter), and Elixir, providing a consistent API across different platforms. Casbin abstracts access control models into configuration files based on the PERM metamodel, allowing developers to switch or upgrade authorization mechanisms by simply modifying configurations. It offers flexible policy storage options, supporting various databases like MySQL, PostgreSQL, Oracle, MongoDB, Redis, and AWS S3. The library also features a role manager to handle RBAC role hierarchies and supports filtered policy management for efficient enforcement.Starting Price: Free -
6
OpenFGA
The Linux Foundation
OpenFGA is an open source authorization solution that enables developers to implement fine-grained access control using a user-friendly modeling language and APIs. Inspired by Google's Zanzibar paper, it supports various access control models, including Relationship-Based Access Control (ReBAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). OpenFGA offers SDKs for multiple programming languages, such as Java, .NET, JavaScript, Go, and Python, facilitating seamless integration into diverse applications. The platform is designed for high performance, capable of processing authorization checks in milliseconds, making it suitable for projects ranging from small startups to large enterprises. Operating under the Cloud Native Computing Foundation (CNCF) as a sandbox project, OpenFGA emphasizes transparency and community collaboration, inviting contributions to its development and governance.Starting Price: Free -
7
Aserto
Aserto
Aserto helps developers build secure applications. It makes it easy to add fine-grained, policy-based, real-time access control to your applications and APIs. Aserto handles all the heavy lifting required to achieve secure, scalable, high-performance access management. It offers blazing-fast authorization of a local library coupled with a centralized control plane for managing policies, user attributes, relationship data, and decision logs. And it comes with everything you need to implement RBAC or fine-grained authorization models, such as ABAC, and ReBAC. Take a look at our open-source projects: - Topaz.sh: a standalone authorizer you can deploy in your environment to add fine-grained access control to your applications. Topaz lets you combine OPA policies with Zanzibar’s data model for complete flexibility. - OpenPolicyContainers.com (OPCR) secures OPA policies across the lifecycle by adding the ability to tag, verStarting Price: $0 -
8
Identity Confluence
Tech Prescient
Identity Confluence is an intelligent Identity Governance and Administration (IGA) platform designed to help IT and security teams manage access, automate identity lifecycles, and maintain continuous compliance across cloud and hybrid environments. Built for modern enterprises, Identity Confluence unifies identity lifecycle management, access control, and governance into a single, scalable platform. Automate Joiner-Mover-Leaver (JML) processes, enforce policy-based access controls (RBAC, ABAC, PBAC), and conduct real-time user access reviews—all from one intuitive interface. Key Features: Lifecycle Automation: Trigger real-time provisioning and deprovisioning across HR, IT, and business systems. Access Controls: Implement dynamic, fine-grained access policies using roles, attributes, and policies. App & Directory Integrations: Out-of-the-box connectors for AD, Azure AD, Okta, Workday, SAP, and more. Access Reviews: Automate certifications, enforce Segregation of Duties -
9
CyberArk Conjur
CyberArk
A seamless open source interface to securely authenticate, control and audit non-human access across tools, applications, containers and cloud environments via robust secrets management. Secrets grant access to applications, tools, critical infrastructure and other sensitive data. Conjur secures this access by tightly controlling secrets with granular Role-Based Access Control (RBAC). When an application requests access to a resource, Conjur authenticates the application, performs an authorization check against the security policy and then securely distributes the secret. Security policy as code is the foundation of Conjur. Security rules are written in .yml files, checked into source control, and loaded onto the Conjur server. Security policy is treated like any other source control asset, adding transparency and collaboration to the organization’s security requirements. -
10
Oso Cloud
Oso
Customers want features that you can’t build without a refactor. Your code is hand-rolled, fragile and hard to debug. It’s spread throughout the codebase and relies on data from multiple sources. There’s no one place to see who has access to what, that authorization is working, or why requests are or are not authorized. Lay out who's allowed to do what in Workbench, our visual rules editor Start with primitives for common patterns like multi-tenancy and RBAC Extend your logic with custom rules in Polar, our configuration language for authorization. Send core authorization data, like roles and permissions. Make authorization checks and filter lists based on authorization where you used to have IF statements and custom SQL.Starting Price: $149 per month -
11
Cedar
Amazon
Cedar is an open source policy language and evaluation engine developed by AWS to facilitate fine-grained access control in applications. It enables developers to define clear and concise authorization policies, decoupling access control from application logic. Cedar supports common authorization models, including role-based access control and attribute-based access control, allowing for expressive and analyzable policy definitions. Its design emphasizes readability and performance, ensuring that policies are both easy to understand and efficient to enforce. By integrating Cedar, applications can make precise authorization decisions, enhancing security and maintainability. The policy structure is designed to be indexed for quick retrieval and to support fast and scalable real-time evaluation, with bounded latency. It enables analyzer tools capable of optimizing your policies and proving that your security model is what you believe it is.Starting Price: Free -
12
Hexnode IdP
Hexnode
Hexnode IdP is an identity provider designed to help organizations manage authentication, access control, and identity governance from a centralized platform. It enables IT and security teams to verify user identities and enforce secure access to enterprise applications, devices, and resources. By combining identity verification with real-time device posture evaluation, Hexnode IdP supports a Zero Trust approach to access management. The platform includes capabilities such as single sign-on (SSO), multi-factor authentication (MFA), role-based access control (RBAC), and conditional access policies. These controls allow organizations to ensure that only authorized users on compliant devices can access sensitive systems and data. By centralizing authentication and access policies in a single console, organizations can simplify identity management while improving overall security visibility and control. -
13
TrustLogix
TrustLogix
The TrustLogix Cloud Data Security Platform breaks down silos between data owners, security owners, and data consumers with simplified data access management and compliance. Discover cloud data access issues and risks in 30 minutes or less, without requiring visibility to the data itself. Deploy fine-grained attribute-based access control (ABAC) and role-based access control (RBAC) policies and centrally manage your data security posture across all clouds and data platforms. TrustLogix continuously monitors and alerts for new risks and non-compliance such as suspicious activity, over-privileged accounts, ghost accounts, and new dark data or data sprawl, thus empowering you to respond quickly and decisively to address them. Additionally, alerts can be reported to SIEM and other GRC systems. -
14
ZITADEL
ZITADEL
ZITADEL is an open-source identity and access management platform designed to simplify authentication and authorization for applications. It offers a comprehensive suite of features, including customizable hosted login pages, support for modern authentication methods such as Single Sign-On (SSO) and social logins, and enforcement of multifactor authentication to enhance security. Developers can integrate authentication directly into their applications using ZITADEL's APIs or build dedicated login interfaces. The platform supports role-based access control, allowing for precise permission assignments based on user roles, and is inherently multi-tenant, facilitating easy extension of applications to new organizations. ZITADEL's extensibility enables seamless adaptation to various workflows, user management processes, and brand guidelines, with features like ZITADEL Actions that execute workflows after predefined events without the need for additional code deployment.Starting Price: $100 per month -
15
Logto
Silverhand
Logto is an Auth0 alternative designed for modern apps and SaaS products. It offers a seamless developer experience and is well-suited for individuals and growing companies. 🧑💻 Comprehensive identity solution Enables easy authentication with Logto SDKs. Supports multiple passwordless and social sign-in methods. Offers customizable UI components to match your brand. 📦 Out-of-the-box infrastructure eliminates the need for extra setup. Provides ready-to-use Management API Offers flexible connectors for customization and scaling, and is customized with SAML, OAuth, and OIDC protocols. 💻 Enterprise-ready with role-based access control (RBAC), organizations (multi-tenant apps), user management, audit logs, single sign-on (SSO), and multi-factor authentication (MFA).Starting Price: $0 -
16
Manages users, groups and roles. Authentication, delegation, authorization and auditing. Role-based access control, entitlements and time-based access rules. Manages access control policies for Web, Java and CORBA® resources. Manages access control policies for fine-grain application data and/or features. Central administration with flexible deployment options. Features specifically designed to aid in meeting privacy legislation. Supports integration with existing security infrastructure. Provides foundation for orb2 for Java Security Services.
-
17
PingDataGovernance
Ping Identity
Digital transactions and data are exploding, but authorization logic is scattered across your enterprise. Updating, auditing and managing that logic can be tedious or even impossible. PingDataGovernance provides centralized authorization policies that can evaluate identity attributes, entitlements, consents, the requesting app or other contextual information to authorize critical actions and the retrieval of high-value data. You’ll have the agility to react instantly without sacrificing security or regulatory compliance. Anyone can update policies in minutes with a simple drag-and-drop UI. And you can choose which teams it’s most appropriate to give access to so they can manage policies—or any portion of them. Unlike traditional role-based access control (RBAC), dynamic authorization assembles key contextual data attributes and evaluates the validity of access requests in real time. This lets you centrally enforce policies to comply with regulatory requirements. -
18
Devolutions Workspace
Devolutions
Workplace passwords are everywhere—apps, websites, servers. Devolutions Workspace brings them together in one interface that works across Windows, macOS, Linux, iOS, Android, and browsers. Users can autofill credentials, manage entries based on role-based access control (RBAC), and respond to time-sensitive access requests—without ever seeing the raw passwords. Workspace includes multi-factor authentication (MFA) through Devolutions Authenticator, secure in-app messaging, and offline mode. Admins can enforce strong policies, while end-users enjoy a frictionless login experience. The Workforce Password Management package is the backbone. It connects Workspace to centralized credential storage using either cloud-based Devolutions Hub or self-hosted Devolutions Server, depending on your infrastructure needs. This combination gives growing teams the structure they need to eliminate password chaos and strengthen access governance—without the complexity or cost of legacy solutions.Starting Price: $3/month/user -
19
Access Auditor
Security Compliance Corp
Access Auditor automates user entitlement reviews and user access reviews. Access Auditor also alerts on changes in user access rights, and watches for separation of duties violations, and shows who has access to what. Users can be imported from any AD/LDAP, Database, or any REST API. Enterprise roles (RBAC) can be modeled and defined, allowing full RBAC reviews and provisioning. Access Manager leverages the same ease-of-use to automate the provisioning and management of user access rights. Any system with a database, LDAP, or REST API can be automatically managed via role based access controls. SCC’s powerful and simple approach to Identity Management enables a very rapid success at a low overall cost. With a 100% customer success rate, Access Auditor is the fastest and simplest solution available and can automate your user access reviews in under a week. -
20
PlainID
PlainID
PlainID is The Authorization Company. PlainID provides both Business AND Admin teams with a simple and intuitive means to control their organization’s entire authorization process, all based on your own business logic. The platform allows you to implement literally any kind of rules you could imagine, all without coding, and all in fine grained detail. PlainID simplifies Authorization so that thousands of Roles, Attributes and even Environmental Factors can be converted into a few logical SmartAuthorization policies using our Graph Database Decision Engine. In-depth Analytics and Insights: PlainID provides unobstructed visibility with a full audit trail. Compliance, regulation and audit requirements, they’re easy to manage on a simple graph-based UI. Access is determined dynamically and in real time, based on user attributes, environmental attributes (time, location, etc.) as well as event based authorizations. PlainID combines ABAC & RABC to a united policy. -
21
AuthZed
AuthZed
Unblock your business with an authorization system inspired by Google's Zanzibar white paper. As the creators of SpiceDB, the AuthZed team delivers enterprise-ready permissions systems built for scale and security. The most mature open source Zanzibar implementation designed for both consistency and performance at scale. Define fine-grained access for any object in your application or across your product suite and manage permissions using a centralized schema. Specify consistency requirements per authorization check; tunable consistency features balance performance and correctness according to your use case. SpiceDB returns lists of authorized subjects and accessible resources, helpful when pre-filtering permission-based results. Instrumented with observability tooling, a powerful Kubernetes operator, and load-testing capabilities, SpiceDB prioritizes both developer and platform engineering experiences. -
22
Delinea Cloud Access Controller
Delinea
Gain granular control over web applications and web-based cloud management platforms. Delinea's Cloud Access Controller provides a comprehensive PAM solution that operates at cloud speed and is quick to deploy and secure access to any web application. With Cloud Access Controller, you can easily integrate your existing authentication solutions with any web application without having to write any additional code. Apply granular RBAC policies that enforce least privilege and zero trust initiatives, even to custom and legacy web applications. Specify what an individual employee is allowed to read or modify within any web application. Grant, manage and revoke access to cloud applications. Specify who gets access to what, at a granular level. Track usage of each and every cloud application. Clientless session recording without agents. Secure access to all web applications, including social media, custom, and legacy web applications. -
23
Delinea Server Suite
Delinea
Easily consolidate complex and disparate identities for Linux and Unix within Microsoft Active Directory. Minimize the risk of a breach and reduce lateral movement with a flexible, just-in-time privilege elevation model. Advanced session recording, auditing, and compliance reporting aid forensic analysis into abuse of privilege. Centralize discovery, management, and user administration for Linux and UNIX systems to enable rapid identity consolidation into Active Directory. Privileged Access Management best practices are easy to follow with the Server Suite. The results are higher levels of identity assurance and a significantly reduced attack surface with fewer identity silos, redundant identities, and local accounts. Manage privileged user and service accounts from Windows and Linux in Active Directory. Just-in-time, fine-grained access control with RBAC and our patented Zones technology. Complete audit trail for security review, corrective action, and compliance reporting. -
24
Clarity Security
Clarity Security
Eliminate audit angst with 10-minute user access reviews, flexible provisioning/de-provisioning workflows, and audit-friendly reporting, all in one simple, scalable IGA platform. White-glove onboarding takes the burden of implementing a solution off of team members reducing the impact on other IT initiatives. Automated evidence collection into a downloadable ledger mitigates the need for wasted time gathering spreadsheets, screenshots, etc. Nested entitlements and Clarity Explorer provide insight into what’s giving users access and why they’re being granted that access. True role-based access control (RBAC) and automated workflows for full alignment with your organizational structure and needs. Unlike "traditional" manual methods, Clarity has everything you need to quickly upgrade your identity governance program and seamlessly adapt it as your organization grows. Fast reviews for certifying user access, entitlements, roles, application access, and more. -
25
Bravura Identity
Bravura Security
Bravura Identity is an integrated solution for managing identities, groups and security entitlements across systems and applications. It ensures that users are granted access quickly, that entitlements are appropriate to business need and that access is revoked once no longer needed. Users have too many login IDs. A typical user in a large organization may sign into 10 to 20 internal systems. This complexity creates real business problems. Bravura Identity manages the lifecycles of identities, accounts, groups and entitlements. It includes automation to grant and revoke access, after detecting changes on systems of record. A web portal for access requests, profile updates and certification. Full lifecycle management for groups and roles on target systems. A workflow manager to invite people to approve requests, review access or complete tasks. Policy enforcement related to SoD, RBAC, risk scores, privacy protection and more. Reports, dashboards and analytics. -
26
Styra
Styra
The fastest and easiest way to operationalize Open Policy Agent across Kubernetes, Microservices or Custom APIs, whether you're a developer, an admin, or a bit of both. Need to limit which folks can access your pipeline, based on who is currently on call? Simple. Want to define which microservices can access PCI data? We got you. Have to prove compliance with regulations across your clusters? No sweat. Built on open-source, and declarative by design, Styra Declarative Authorization Service gives you a turnkey OPA control plane to mitigate risk, reduce human error, and accelerate development. A built-in library of policies. Built on our OPA project let you implement and customize authorization policy-as-code. Pre-running lets you monitor and validate policy changes before committing, to mitigate risk before deployment. Declarative model defines desired state to prevent security drift and eliminate errors, before they can occur.Starting Price: $70 per month -
27
NextLabs
NextLabs
NextLabs CloudAz is a zero trust policy platform that enforces security policies consistently across the enterprise and beyond. It’s powered by a patented dynamic authorization policy engine and is the backbone of NextLabs’ Data Centric Security Suite consisting of Entitlement Management, Data Access Security, and Digital Rights Management (DRM) products. CloudAz integrates automated data classification, attribute-based access control (ABAC), data masking & segregation, digital rights (DRM) protection, and audit capabilities into one powerful platform that enables you to better align policies with rapidly changing business requirements while keeping up with the increasing cybersecurity challenge. The platform can be delivered either on-premises or in the cloud. -
28
Apache Sentry
Apache Software Foundation
Apache Sentry™ is a system for enforcing fine grained role based authorization to data and metadata stored on a Hadoop cluster. Apache Sentry has successfully graduated from the Incubator in March of 2016 and is now a Top-Level Apache project. Apache Sentry is a granular, role-based authorization module for Hadoop. Sentry provides the ability to control and enforce precise levels of privileges on data for authenticated users and applications on a Hadoop cluster. Sentry currently works out of the box with Apache Hive, Hive Metastore/HCatalog, Apache Solr, Impala and HDFS (limited to Hive table data). Sentry is designed to be a pluggable authorization engine for Hadoop components. It allows you to define authorization rules to validate a user or application’s access requests for Hadoop resources. Sentry is highly modular and can support authorization for a wide variety of data models in Hadoop. -
29
Cloudentity
Cloudentity
Cloudentity increases development velocity, audit efficiency and risk mitigation by advancing fine-grained authorization policy management and delivering continuous, transaction-level enforcement across hybrid, multi-cloud and microservice environments. Externalize authorization management that empowers developers to efficiently create policy-as-code, provision standardized controls, and invoke contextual access and data exchange enforcement as close to the service as possible. Accelerate application delivery by expediting security validation with full data lineage for audit, forensics and compliance. Cloudentity provides dynamic authorization governance that delivers policy automation and adaptive control ensuring Zero Trust between users, apps, services and data. Automate app, service and API inventory, authorization policy standardization, and declarative authorization provisioning to streamline release security verification. -
30
Amazon Verified Permissions
Amazon
Amazon Verified Permissions is a fully managed authorization service that uses the provably correct Cedar policy language, so you can build more secure applications. With Verified Permissions, developers can build applications faster by externalizing authorization and centralizing policy management. They can also align authorization within the application with Zero Trust principles. Security and audit teams can better analyze and audit who has access to what within applications. Accelerate application development by decoupling authorization from business logic. Protect application resources and manage user access to the principle of least privilege. Amazon Verified Permissions is a fully managed, Cedar-compatible permissions management and fine-grained authorization service for the applications that you build. Using Cedar, an expressive, performant, and analyzable open source policy language, developers and admins can define policy-based access controls.Starting Price: $0.00015 per request -
31
VMware Cloud Director
Broadcom
VMware Cloud Director is a leading cloud service-delivery platform used by some of the world’s most popular cloud providers to operate and manage successful cloud-service businesses. Using VMware Cloud Director, cloud providers deliver secure, efficient, and elastic cloud resources to thousands of enterprises and IT teams across the world. Use VMware in the cloud through one of our Cloud Provider Partners and build with VMware Cloud Director. A policy-driven approach helps ensure enterprises have isolated virtual resources, independent role-based authentication, and fine-grained control. A policy-driven approach to compute, storage, networking and security ensures tenants have securely isolated virtual resources, independent role-based authentication, and fine-grained control of their public cloud services. Stretch data centers across sites and geographies; monitor resources from an intuitive single-pane of glass with multi-site aggregate views. -
32
Permit.io
Permit.io
Full Stack Permissions as a service. Check authorization as done, focus on your core product. Use the right tool for the right task. Use the right language for the right policy. Say no to Lock-in. Mix and match the policy engines you need. Permit.io supports OPA's Rego and now adds AWS' Cedar, and Amazon Verified Permissions. Generate Policy as code directly into Git, and deploy in realtime into the agent in your app. Makes granting permissions as easy as checking a box. Manage and edit your policies with in seconds instead of days. Work with a simple UI, API, or directly with Rego code. Enable multi-tenancy, RBAC, ABAC, ReBAC, and more with a single streamlined interface. Provide low-code/no-code interfaces for non-technical users. Ensure future requirements are met with policy as code. Get Git Ops support out-of-the-box. -
33
EmpowerID
EmpowerID
EmpowerID is the award winning all-in-one identity management and cloud security suite developed by The Dot Net Factory, LLC dba "EmpowerID". Responsible for managing millions of internal and external cloud and on-premise identities for organizations around the globe, EmpowerID delivers the broadest range of ready to use IAM functionality. In-depth out of the box solutions include: single sign-on, user provisioning, identity governance, group management, role mining, delegated identity administration, password management, privileged access management, access management for SharePoint, and an identity platform for application developers. All solutions leverage a single sophisticated role and attribute-based authorization engine that handles complex organizations and even multi-tenant SaaS providers. We provide a highly scalable, fully customizable IAM infrastructure that delivers results in a more time and cost-efficient manner for your enterprise.Starting Price: $2 per user per month -
34
Gate22
ACI.dev
Gate22 is an enterprise-grade AI governance and MCP (Model Context Protocol) control platform that centralizes, secures, and observes how AI tools and agents access and use MCP servers across an organization. It lets administrators onboard, configure, and manage both external and internal MCP servers with fine-grained, function-level permissions, team-based access control, and role-based policies so that only approved tools and functions can be used by specific teams or users. Gate22 provides a unified MCP endpoint that bundles multiple MCP servers into a simplified interface with just two core functions, so developers and AI clients consume fewer tokens and avoid context overload while maintaining high accuracy and security. The admin view offers a governance dashboard to monitor usage patterns, maintain compliance, and enforce least-privilege access, while the member view gives streamlined, secure access to authorized MCP bundles.Starting Price: Free -
35
badook
badook AI
badook allows data scientists to write automated tests for data used in training and testing AI models (and much more). Validate data automatically and over time. Reduce time to insights. Free data scientists to do more meaningful work. badook’s AutoExplorer automatically analyses your data for potential issues, patterns and trends. badook’s Test SDK simplifies the authoring of data tests while providing powerful capabilities. You can author data tests, from simple data validity to advanced statistical and model-based tests with ease, and automate throughout your system’s lifecycle, from development to run-time. badook is designed to run in your cloud environment without giving up the comforts and ease of a fully managed SaaS. Our dataset-level Role-Based Access Control (RBAC) gives you the ability to author company-wide tests without compromising security and complying with the most strict regulations. -
36
Azure Data Lake Storage
Microsoft
Eliminate data silos with a single storage platform. Optimize costs with tiered storage and policy management. Authenticate data using Azure Active Directory (Azure AD) and role-based access control (RBAC). And help protect data with security features like encryption at rest and advanced threat protection. Highly secure with flexible mechanisms for protection across data access, encryption, and network-level control. Single storage platform for ingestion, processing, and visualization that supports the most common analytics frameworks. Cost optimization via independent scaling of storage and compute, lifecycle policy management, and object-level tiering. Meet any capacity requirements and manage data with ease, with the Azure global infrastructure. Run large-scale analytics queries at consistently high performance. -
37
Devolutions Gateway
Devolutions
Traditional remote access tools like VPNs (Virtual Private Network) can introduce complexity, performance issues, and security gaps. Devolutions Gateway offers a safer alternative: lightweight, memory-safe tunnels that open only when needed. Whether you're managing external contractors or remote IT teams, sessions are relayed securely without exposing backend servers. Gateway supports RDP (Remote Desktop Protocol), SSH (Secure Shell), VNC (Virtual Network Computing), PowerShell, and more—all brokered through just-in-time (JIT) access using pre-authorized tokens. The Remote Access Management package adds everything needed: Devolutions Launcher for one-click access, Hub or Server for storing and controlling credentials, and role-based access control (RBAC) to ensure each user sees only what they’re authorized. Every action is logged. Together, they replace VPNs with an auditable, fast, and flexible access model - ideal for organizations that prioritize security and ease of use.Starting Price: $20/month/user -
38
BastionZero
BastionZero
Infrastructure teams must manage painful VPNs, homegrown bastion hosts, overprivileged certificate authorities, and long-lived credentials that present huge security risks. Infrastructure teams can easily configure, manage and secure fine-grained access controls to infrastructure targets in any cloud or on-prem environments. A single system for access all of your targets (servers, containers, clusters, databases, webservers) so you don’t have to manage an ever-growing set of systems. Provide zero-trust access to your targets by putting them behind your SSO and adding an independent MFA. Stop managing passwords. Use policy to control which users can log into which target under which role or user account. Capture the specific commands that a user ran on a target under a role or account via BastionZero’s access logs, command logs and session recordings.Starting Price: $300 per month -
39
Enable zero-trust access for all apps, legacy and modern, with highly scalable identity- and context-based access controls. Deploy zero-trust model validation based on granular context, securing every app access request. Secure access to apps with a fine-grained approach to user authentication and authorization that enables only per-request context- and identity-aware access. Integrating with existing SSO and identity federation solutions, users can access all their business apps via a single login, regardless of whether the app is SAML enabled or not. Enable social login to simplify access authorization from trusted third-party identity providers like Google, LinkedIn, Okta, Azure AD, and others. Leverage third-party UEBA and risk engines via REST APIs to inform policy-based access controls using the API connector for more layered security. BIG-IP APM is available in all business models including perpetual licenses, subscription, public cloud marketplace, and ELAs.
-
40
Apache Ranger
The Apache Software Foundation
Apache Ranger™ is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. The vision with Ranger is to provide comprehensive security across the Apache Hadoop ecosystem. With the advent of Apache YARN, the Hadoop platform can now support a true data lake architecture. Enterprises can potentially run multiple workloads, in a multi tenant environment. Data security within Hadoop needs to evolve to support multiple use cases for data access, while also providing a framework for central administration of security policies and monitoring of user access. Centralized security administration to manage all security related tasks in a central UI or using REST APIs. Fine grained authorization to do a specific action and/or operation with Hadoop component/tool and managed through a central administration tool. Standardize authorization method across all Hadoop components. Enhanced support for different authorization methods - Role based access control etc. -
41
Fine-grained access control and visibility for centrally managing cloud resources. Identity and Access Management (IAM) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage Google Cloud resources centrally. For enterprises with complex organizational structures, hundreds of workgroups, and many projects, IAM provides a unified view into security policy across your entire organization, with built-in auditing to ease compliance processes. We recognize that an organization’s internal structure and policies can get complex fast. Projects, workgroups, and managing who has authorization to do what all change dynamically. IAM is designed with simplicity in mind: a clean, universal interface lets you manage access control across all Google Cloud resources consistently. So you learn it once, then apply everywhere.
-
42
NdSecure
Ndende Technologies
NdSecure is a Single Sign-On (SSO) and Identity and Access Management (IAM) solution. Ndsecure offers a user-friendly, flexible, and customizable identity and access management solution capable of operating within a diverse industry-centric architecture. The role played by NdSecure is to provide a robust and secure logical access control environment, incorporating strong authentication methods. The objective is to prevent unauthorized access to the corporate management system, thereby reducing frauds arising from insider threats. NdSecure’s API management platform provides more advanced ways for the workforce to control access to various applications. By leveraging existing request content and identity stores, NdSecure can provide: • Policy-based authentication • Coarse and fine-grained authorization • Single sign-on (using SAML, OpenId Connect, social log-in or OAuth-based federation) • Support for Common Criteria • Uses FIDO 2.0 and W3C WebAuthnStarting Price: $8/month/user -
43
Aruba ClearPass
Aruba Networks
HPE Aruba Networking ClearPass Policy Manager protects your network with policies based on Zero Trust security principles to support hybrid workplace initiatives, IoT devices, and the connected edge. It simplifies access for authorized users and devices with least‑privilege controls, protecting visitors, partners, customers, and employees across Wi‑Fi, wired, and WAN networks with integrated guest portals, device configuration monitoring, and SASE‑aligned Zero Trust security. Integrated Zero Trust security prepares IT teams to implement reliable, role‑based policies for enterprise‑wide Zero Trust enforcement. Its broad partner ecosystem enables seamless integration with existing security technologies, while dynamic, identity‑based traffic segmentation ensures consistent protection across all network environments. HPE Aruba Networking ClearPass Policy Manager helps security teams authenticate, authorize, and enforce secure network access with role‑based and Zero Trust policies. -
44
Azure Resource Manager
Microsoft
Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment. When a user sends a request from any of the Azure tools, APIs, or SDKs, Resource Manager receives the request. It authenticates and authorizes the request. Resource Manager sends the request to the Azure service, which takes the requested action. Because all requests are handled through the same API, you see consistent results and capabilities in all the different tools. All capabilities that are available in the portal are also available through PowerShell, Azure CLI, REST APIs, and client SDKs. Functionality initially released through APIs will be represented in the portal within 180 days of initial release. -
45
System Frontier
Noxigen
PowerShell web front end with role based access control, auditing and remote management tools. Delegate granular permissions to manage servers, workstations, network devices and user accounts. Privileged Access Management (PAM). Let System Frontier do all the heavy lifting so you can focus on your enabling your IT teams to get more done without having more permissions than needed.Starting Price: $5 -
46
SecuPi
SecuPi
SecuPi provides an overarching data-centric security platform, delivering fine-grained access control (ABAC), Database Activity Monitoring (DAM) and de-identification using FPE encryption, physical and dynamic masking and deletion (RTBF). SecuPi offers wide coverage across packaged and home-grown applications, direct access tools, big data, and cloud environments. One data security platform for monitoring, controlling, encrypting, and classifying data across all cloud & on-prem platforms seamlessly with no code changes. Agile and efficient configurable platform to meet current & future regulatory and audit requirements. No source-code changes with fast & cost-efficient implementation. SecuPi’s fine-grain data access controls protect sensitive data so users get access only to data they are entitled to view, and no more. Seamlessly integrate with Starburst/Trino for automated enforcement of data access policies and data protection operations. -
47
Intrinsic
Decoy Technologies
Craft your own policies beyond standard abuse categories and enforce them in just minutes. Intrinsic is a platform for building AI agents for user trust. We hook directly into your existing workflows, and gradually help enhance human review with automation safely and seamlessly. Automate moderation of text, images, videos and reports with a system that gets better with every moderation action. Manage review queues and escalations easily with fine-grained RBAC permissions. Make data-driven decisions based on policy performance reports and platform-wide health monitoring. Access advanced security, AI-powered analytics, and comprehensive information governance. -
48
AppScaler
XPoint Network
What does AppScaler CMS do? Managing, monitoring and reporting on growing distributed networks is increasingly complex and costly, AppScaler CMS allows you to manage one or more AppScaler devices from a single management server. AppScaler CMS provides organizations, distributed enterprises and service providers with a powerful and intuitive solution to centrally manage and rapidly deploy AppScaler devices and provides centralized, real-time monitoring and comprehensive application performance reporting. Central AppScaler Policy Management AppScaler CMS ensures governance and compliance with centrally managed configuration: Import the configuration from AppScaler device in one click. Comprehensive policy management on load balancing of each AppScaler device. Configuration backup and restore. AppScaler Firmware Upgrade Role-based access control. AppScaler CMS provides fine-grained, role-based access control with which you can grant access permissions. -
49
Ionic Machina
Ionic
Data security is managed in silos, but sensitive data traverses multiple applications, environments, data stores, and devices. This makes it challenging to scale data security and implement consistent access controls. Machina is your agile and dynamic authorization solution that easily handles modern challenges. Manage your shared responsibility to secure data at rest and in transit in the cloud and on-prem. Track how data is handled and accessed; audit how policies are enforced across your organization. Deliver context-aware dynamic authorization for each access request to maintain least privilege. Abstract access logic from app code to orchestrate policy enforcement across multiple environments. Implement and enforce consistent access policies in real-time across applications, repositories, workloads, and services. Monitor and analyze data handling and policy enforcement across your enterprise, and generate audit-ready proof of compliance. -
50
Calico Enterprise
Tigera
A self-managed, active security platform with full-stack observability for containers and Kubernetes. Calico Enterprise is the industry’s only active security platform with full-stack observability for containers and Kubernetes. Calico Enterprise extends the declarative nature of Kubernetes to specify security and observability as code. This ensures consistent enforcement of security policies and compliance, and provides observability for troubleshooting across multi-cluster, multi-cloud and hybrid deployments. Implement zero-trust workload access controls for traffic to and from individual pods to external endpoints on a per-pod basis, to protect your Kubernetes cluster. Author DNS policies that implement fine-grained access controls between a workload and the external services it needs to connect to, like Amazon RDS, ElastiCache, and more.
