Skip to main content

Introduction to Okta Fine Grained Authorization (FGA)

Okta FGA is a scalable authorization service for developers that allows implementing authorization for any kind of application and smoothly evolve as complexity increases over time

Inspired by Google’s Zanzibar, Google’s internal authorization system, Okta FGA relies on Relationship-Based Access Control, which allows developers to easily implement Role-Based Access Control and provides additional capabilities to implement Attribute-Based Access Control. You can learn more about different authorization concepts here.

Okta FGA is based on OpenFGA, an open-source project owned by the Cloud Native Computing Foundation for which Okta is a core maintainer.


Okta FGA provides developers the following benefits:

  • Move authorization logic outside of application code, making it easier to write, change and audit
  • Increase velocity by standardizing on a single authorization solution.
  • Centralize authorization decisions and audit logs making it simpler to comply with security and compliance requirements
  • Help their products to ship faster by allowing to easily evolve authorization policies
  • A highly available and scalable solution that is deployed in two AWS regions for each jurisdiction (US, Europe, Australia) with active-active replication.


Okta FGA helps developers achieve those benefits with these features:

Free tier

You can use Okta FGA for free for evaluation purposes or purchase a subscription for production usage.

Authorization Concepts

Learn about Authorization.

Product Concepts

Learn about Okta FGA.

Modeling: Getting Started

Learn about how to get started with modeling your permission system in Okta FGA.

Have Feedback?

You can use any of our support channels for any questions or suggestions you may have.