4.3k

All integrations
SecureAuth
Identity providers

Cerbos authorization for SecureAuth

SecureAuth provides adaptive authentication with risk-based MFA and continuous identity assurance. Cerbos uses SecureAuth's identity attributes and risk signals to evaluate fine-grained authorization policies, bringing risk-aware access control into your applications.

Risk-aware policies

Risk-aware policies

Factor SecureAuth's adaptive authentication signals and risk context into Cerbos authorization decisions

Assurance-level access

Assurance-level access

Write policies that consider authentication strength and session risk alongside user roles and resource attributes

Adaptive + fine-grained

Adaptive + fine-grained

SecureAuth adapts authentication to risk. Cerbos adapts authorization to context. Together they provide layered access control.

How Cerbos works with SecureAuth

SecureAuth handles authentication, confirming who a user is. Cerbos handles authorization, deciding what that user can do. Together they give you a complete access control stack without coupling identity logic to business rules.

Cerbos lets you write fine-grained, context-aware authorization policies in human-readable YAML. Policies are decoupled from application code so product and security teams can update permissions without a release cycle.

Because Cerbos runs as a stateless Policy Decision Point (PDP) next to your application, authorization checks are sub-millisecond and scale horizontally with your infrastructure.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How Cerbos works with SecureAuth

  1. Users authenticate via SecureAuth, SecureAuth handles login with adaptive authentication, evaluating risk factors such as device posture, location, and behavioral patterns to determine MFA requirements.
  2. Extract identity from the SecureAuth token, Your application validates the SecureAuth-issued token and extracts the user's roles, group memberships, and any authentication context such as assurance level.
  3. Send identity and resource context to Cerbos, Pass the SecureAuth user attributes as principal attributes alongside the target resource and desired action to the Cerbos PDP.
  4. Cerbos evaluates policies and returns a decision, Cerbos evaluates your YAML policies against the SecureAuth identity data and resource attributes, returning allow or deny. Your application enforces the result.

FAQ

How does Cerbos work with SecureAuth?

SecureAuth authenticates users with adaptive, risk-based methods and provides identity attributes including roles, group memberships, and authentication context. Cerbos receives these attributes and evaluates them against your authorization policies to make fine-grained, resource-level access decisions.

Can Cerbos use SecureAuth's risk signals in authorization policies?

Yes. SecureAuth evaluates risk based on device posture, location, and user behavior. If your application passes these risk signals to Cerbos as principal or context attributes, your policies can factor authentication assurance level into access decisions, for example restricting sensitive operations to low-risk sessions.

Does Cerbos replace SecureAuth's access controls?

No. SecureAuth controls authentication strength and step-up MFA based on risk. Cerbos controls what authenticated users can do within your applications. SecureAuth determines how confidently a user is authenticated. Cerbos determines what resources they can access.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Auth0
Auth0Map Auth0 Actions, Organizations, and roles to Cerbos policy inputs
Identity providers
Authentik
AuthentikAuthentik property mappings shape token claims for Cerbos policy inputs
Identity providers
AWS Cognito
AWS CognitoCognito user pool groups and custom attributes as Cerbos policy inputs
Identity providers
Clerk
ClerkClerk session claims and Organizations drive Cerbos policy evaluation
Identity providers
Curity
Curity Identity ServerCurity token procedure claims as principal attributes in Cerbos
Identity providers
Descope
DescopeDescope JWT claims, tenant data, and role assignments feed into Cerbos policy evaluation
Identity providers

Cerbos + SecureAuth

  • Cerbos extends SecureAuth roles with fine-grained, attribute-based permissions
  • Policies defined in human-readable YAML, managed as code
  • Authorization logic decoupled from application code
  • Sub-millisecond policy evaluation via stateless PDP
Book a free policy workshopTry the Playground
Cerbos
/assets/footer/socials/x.svg/assets/footer/socials/github.svg/assets/footer/socials/mail.svg/assets/footer/socials/youtube.svg/assets/footer/socials/linkedin.svg/assets/footer/socials/slack.svg/assets/footer/socials/npm.svg/assets/footer/socials/rss.svg
/assets/footer/compliance/soc-2.svg/assets/footer/compliance/gdpr.svg

What is Cerbos?

Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.

© 2026 Cerbos.dev

Terms of Service

Privacy Policy

Trusted Tester Agreement

Trademark Guidelines