Enterprise OPA Platform vs PlainID
Eric Kao
The Enterprise OPA Platform is an authorization platform for all the software you build. Based on the Open Policy Agent standard used at half of Fortune 100, the Enterprise OPA Platform unifies authorization management across your organization to help developers deliver innovative software for your workforce and customers while satisfying compliance and audits.
The PlainID Identity Security Posture Management Platform is an identity-focused platform for access control and security.
Key similarities and differences:
- Both platforms integrate with your existing identity providers and provide visibility, central policy management, and dynamic authorization.
- The Enterprise OPA Platform works with your existing development workflows to enable smooth developer adoption.
- The Enterprise OPA Platform offers greater support for shared responsibility in policy management in a complex organization. For example, the platform enables a central IAM platform team to provide policy catalogs, composable policy components, and policy standards that support application development teams through an organization.
- The PlainID Identity Security Posture Management Platform provides some support for enforcing access control on third-party SaaS.
| The Enterprise OPA Platform | The PlainID Identity Security Posture Management Platform | |
|---|---|---|
Use Cases |
||
| Application Authorization | ||
| API Gateways | ✅ | ✅ |
| Microservices | ✅ | ✅ |
| Service Mesh | ✅ | ✅ |
| Custom Backend Enforcement | ✅ | 🟡 Only yes/no answers |
| Custom Frontend Enforcement | ✅ | 🟡 Impractical (only yes/no answers) |
| Arbitrary JSON input/output | ✅ | ❌ |
| Custom Embedded Integration | 🟡 Go Library | ❌ |
| Third-party SaaS | ❌ | 🟡 Power BI and Zscaler Private Access |
| Other Authorization | ||
| Kubernetes Admission | ✅ | ❌ |
| Terraform Validation | ✅ | ❌ |
| Kafka Topics | ✅ | ❌ |
| Cloud Formation | ✅ | ❌ |
| Docker | ✅ | ❌ |
| SSH | ✅ | ❌ |
| Arbitrary JSON input/output | ✅ | ❌ |
| Data Sources | ||
| Active Directory and LDAP | ✅ | ✅ |
| REST Endpoint | ✅ | ✅ |
| SQL | ✅ | ✅ |
| MongoDB | ✅ | ❌ |
| DynamoDB | ✅ | ❌ |
| Neo4j | ✅ | ❌ |
| Kafka | ✅ | ❌ |
| Git | ✅ | 🟡 Potentially as generic REST Endpoint |
| Amazon S3 | ✅ | 🟡 Potentially as generic REST Endpoint |
| Google Cloud Storage | ✅ | 🟡 Potentially as generic REST Endpoint |
Policy Lifecycle |
||
| Policy Management | ||
| Versioned Policy Distribution | ✅ | ✅ |
| Policy management by API | ✅ | ✅ |
| Git / GitOps Updates | ✅ | ❌ |
| Policy Testing | ||
| Manual Cases Testing | ✅ | ✅ |
| Impact Analysis (historical requests) | ✅ | ❌ |
| Impact Analysis (live requests) | ✅ | ❌ |
| Collaboration at Scale | ||
| Policy Catalog (of complete policies) | ✅ | ✅ |
| Policy Library (reusable components) | ✅ | ❌ |
| Policy Hierarchy | ✅ | ❌ |
| Policy Authoring | ||
| Policy as Code Standard | ✅ Full Rego support | 🟡 Restricted version of Rego |
| Editor Extensions | ✅ | ❌ |
| Web IDE | ✅ | ✅ |
| No-code Policy Builder | ✅ | ✅ |
| Learning Resources | ||
| Language Server | ✅ Regal | ❌ |
| Free Online Courses | ✅ Styra Academy | ❌ |
| Online Playground | ✅ | ❌ |
Audit Functionality |
||
| Logging of Policy Version | ✅ | ✅ |
| Structured Logging | ✅ | ✅ |
| Log Sinks | ||
| Console (stdout) Log Sink | ✅ | ✅ |
| HTTP Log Sink | ✅ | ✅ |
| Splunk Log Sink | ✅ | ❌ |
| Kafka Log Sink | ✅ | ❌ |
| S3 Log Sink | ✅ | ❌ |
