Okta FGA vs OpenFGA - what’s the difference?

Okta FGA is based on OpenFGA, an open-source authorization system owned by the Cloud Native Foundation, of which Okta is a key maintainer.

OpenFGA is free to use and has the same core functionality as Okta FGA. However, running an authorization service at scale can be challenging, and doing so is part of the value provided by Okta FGA.

Below is a list of the differences between the products:

| Features | Okta Fine Grained Authorization | OpenFGA |
| --- | --- | --- |
| Availability | Deployed in two cloud regions per jurisdiction (US/Australia/Europe) and uses a database configured with Active-Active replication, so it can survive a regional AWS failure. | Customers are responsible for availability. OpenFGA currently supports Postgres and MySQL, which must be failed over to another replica in a data emergency. |
| Scalability | Okta FGA has been tested with 1M RPS and 100 billion relationship tuples. | Customers must run their own performance and load testing. |
| Cloud Security | Okta secures the cloud perimeter. | Customer is responsible for securing the cloud perimeter. |
| Database Migrations | Okta runs database migrations with no downtime. | Customers must run their own database migrations, which can lead to downtime. |
| Backups | Okta FGA database supports point-in-time recovery and is backed up frequently. | Customers must run their own database backups. |
| Security Patches | Okta updates OpenFGA with the latest security patches. | Customers must update their OpenFGA version. |
| Monitoring | Okta monitors uptime and latency and is responsible for resolving production issues with the product. | Customers must monitor the uptime/latency and handle production issues. |
| Status Page | Okta provides a status page to monitor availability. | Customers must manage their own OpenFGA communications. |
| Support | Okta provides enterprise support with Technical Account Managers, 24x7 pager support, Premier support options, and SLAs, in accordance with the customer's support level. | No support is provided. |
| Dashboard | Okta offers an SSO-enabled dashboard, where multiple users can collaborate on FGA stores and models and where admins/developers can manage API keys. | No dashboard available. |
| Cloud Infrastructure Provisioning | Okta provisions and manages the cloud services required to run Okta FGA. | The customer manages the cloud infrastructure. |
| Autoscaling | Okta configures services and databases to autoscale. | Customers configure their own autoscaling policies. |
| Disaster Recovery | Okta has disaster recovery processes in place for Okta FGA. | Customers must implement their own disaster recovery processes. |
| Data Residency | Okta ensures compliance with each country’s data residency laws, including our own services and those of our subprocessors. | Customers ensure compliance with data residency laws. |
