← Back to catalog OpenFGA · managed by DINAO

Sovereign fine-grained authorization for your apps

A high-performance authorization engine inspired by Google Zanzibar, installed and maintained by DINAO. Your permission models and relationships stay on our French servers — at the heart of your security.

Hosted in FranceMillisecond responsesReBAC · RBAC · ABACGDPR CompliantOfficial publisher image
Overview

What is OpenFGA?

OpenFGA is a fine-grained authorization engine, open source and highly performant, inspired by Google's Zanzibar paper. Initially developed by Auth0/Okta and then donated to the CNCF (Cloud Native Computing Foundation), it is today an incubating project used in production by Grafana, Docker, and Canonical.

It combines relationship-based authorization (ReBAC) with role-based (RBAC) and attribute-based (ABAC) approaches, using a dedicated modeling language that makes authorization schemas easy to create and scale, regardless of size. Authorization checks respond in milliseconds.

OpenFGA exposes an HTTP and gRPC API, SDKs in many languages, relies on PostgreSQL or MySQL, and offers native observability via OpenTelemetry — allowing you to cleanly offload the authorization logic for all your services.

Compatible offers

Host OpenFGA at DINAO

Resource tiers compatible with OpenFGA prerequisites (minimum 1 vCPU / 512 Mo / 2 Go). Hosted in France, fully managed.

Découverte
1 vCPU · 2 Go · 20 Go
9,90 € /month excl. VAT
  • 1 dedicated vCPU
  • 2 Go RAM
  • 20 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Performance
4 vCPU · 8 Go · 80 Go
39,90 € /month excl. VAT
  • 4 dedicated vCPU
  • 8 Go RAM
  • 80 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Dédié
8 vCPU · 16 Go · 160 Go
79,90 € /month excl. VAT
  • 8 dedicated vCPU
  • 16 Go RAM
  • 160 GB NVMe
  • Daily backups
  • Managed & monitored by DINAO
Order
Under the hood

Technical details

vCPU
1 vCPU
ideal : 2 vCPU
Memory
512 Mo
ideal : 2 Go
Disk
2 Go
ideal : 10 Go
Image : openfga/openfga Registry : docker.io Services : postgres, migrate, openfga Ports : 8080/tcp (API HTTP), 8081/tcp (API gRPC), 3000/tcp (Playground, dev), 2112/tcp (métriques Prometheus)
FAQ

You might be wondering…

What is OpenFGA exactly for?

OpenFGA is a fine-grained authorization engine: you model 'who is allowed to do what on what', and then your applications query it via an API to verify permissions in real time.

What authorization models does it support?

Inspired by Google's Zanzibar paper, it focuses on ReBAC (relationship-based authorization) and also covers RBAC (role-based) and ABAC (attribute-based) cases thanks to a dedicated modeling language.

Is it fast enough for production?

Yes. OpenFGA responds to checks in milliseconds and scales to projects of all sizes. It is used in production by Grafana, Docker, and Canonical.

Where is authorization data stored?

On DINAO's French infrastructure, in an isolated container, within a private PostgreSQL or MySQL database. Your models and tuples never leave the territory.

Can I change plans or export my data?

Yes. You can upgrade or downgrade at any time, and your authorization models and tuples remain exportable — no proprietary lock-in.