When we think about getting access to an application, we tend to focus on the authentication side — granting or denying people (or devices) entry. But there is another piece to this, and that’s authorization. This is related to what you can do once you are inside the application, and Oso, an early stage startup, has created an open source library for developers to make it easier to build authorization in their applications.
Today, the company announced an $8.2 million Series A led by Sequoia with participation from SV Angel, Company Ventures, Highland Capital and numerous angel investors. When combined with a $2.7 million seed round from 2019, it brings the total raised to $10.9 million.
Company co-founder and CEO Graham Neray says that developers have benefited from tools like Stripe and Twilio to normalize the use of third-party APIs to offload parts of the application that aren’t core to the value prop. Oso does the same thing, except for authorization.
“We help developers to speed up their authorization roadmaps by up to 4x, and the way that we do that is by providing this library, which comes with pre-built integrations, guides and an underlying policy language,” Neray explained.
He says that authorization is a misunderstood concept, and as though to confirm this, when I tried to explain Oso to a colleague, his first thought was that it is an Okta competitor. It’s not. As Neray explains authorization and authentication are related, but are in fact different and require a different set of tools.
While tools like Okta grant you access, authorization determines what buttons can you click, what pages, can you see, what data can you access. Most developers handle this manually by writing the authorization code themselves, linking it to Active Directory (or a similar tool) and fashioning a permissions matrix. Oso’s goal is to remove that burden and provide a set of tools to abstract away most of the complexity.
The tool is open source and the startup is concentrating on building a community of users for now to build developer interest. Over time, they fully intend to build a commercial company on top of that, but are still thinking about how that will look.
For now, the company, which launched in 2018, has 9 employees with plans to triple over the next 18 months. Naray and co-founder and CTO Sam Scott are thinking carefully about how to build a diverse, inclusive and equitable company as they grow. That means hiring from underrepresented groups, treating them fairly and making them feel like they belong. Naray says at this point, he is doing all of the hiring.
“I make a concerted effort to ensure that our pipeline is as diverse as I want the team to be — full stop — and that’s the only way to do it,” he said.
He adds that while building a diverse workforce is the morally right thing to do for him and his co-founder, there is also a practical business side to this too. “We don’t want to build an echo chamber with people from the same background, the same thought process and all the same upbringing,” he said.
When the company can return to the office, the plan is to have a home base, but let folks work where they want and how they want. “The plan is we will have an office in New York, and we will have remote team members. So in one form or another it will be hybrid,” Naray said.