We all know what authentication is. You enter a username and password or use your face or your fingerprint, and you can access a device or an application, but what you can do with that application or device falls under the realm of authorization, authentication’s close cousin. For years, developers have been forced to build their own authorization tooling, and unless you’re one of the bigger companies, that takes resources that a lot of organizations simply don’t have.
Oso’s mission is to make it easier to add authorization to any application. “Authorization is a $25 billion market. It’s a problem that every company has to solve. But no one got out of bed to think about it except for my team and me,” company CEO Graham Neray told TechCrunch.
Investors see the same potential, and today the company announced a $15 million round led by Felicis with participation from Sequoia and Harpoon Ventures. While it was at it, the company also announced that a new version of the Oso tooling is now available.
Neray points out that companies like Slack, Google and Airbnb have spent a lot of time and engineering resources building authorization tooling. “The problem is most companies don’t have the resources of a company like Google or Slack, so they limp along. Their systems are terrible and the engineers’ experience is kind of like a Groundhog Day scenario of building these systems over and over again, even though no one wants to. And Oso solves that problem,” he said.
Part of the company’s approach to this is to educate people on the nature of the problem, and how important it is to solve, which has the added benefit of acting as a marketing driver to the open source version of the product, which can in turn lead to sales of the cloud product.
“We’ve also built an extensive library of technical documentation, not specific to Oso, to educate developers on the domain. And as part of that what we’re doing is we’re providing vocabulary and mental models to understand their own authorization problems. So we published a series called Authorization Academy. It’s a series of technical guides on how to build application authorization,” he explained.
In addition to the open source product, which Neray says has been downloaded millions of times, the company added Oso Cloud last year with ARR from that product growing 20% month over month. He says they are doing this without any outbound sales to this point.
“On top of that, our motion is entirely product led and inbound. So what I mean by that is we’re not doing outbound [sales and marketing]. We don’t currently have salespeople, though I’m sure we will in the future. And all of our paid customers started on the free tier, which is no small feat, especially given the microscope under which businesses are being put about how they spend their money and how efficient they are,” Neray said.
And being efficient has meant keeping the company lean with just 13 employees so far. But with the $15 million investment, the startup does plan to start hiring more people this year, and as he does, he is considering how to build a diverse workforce.
“So it starts from the top. It is much more common to find people who are interested in working for a leadership team with which they can identify, and so I think that’s a core part of the strategy,” he said. And that means making sure the leadership team is diverse as the company grows.
As the company puts the additional $15 million in capital to work, Neray is focused on the opportunity he sees in the authorization space.
“I think the combination of the size of the opportunity, and the strength of the business and the growth that we’re seeing is what led the team at Felicis to lead this round. We also have Sequoia who led prior rounds and Harpoon Ventures also participated. That puts our total funding raised over $25 million, which makes us the best capitalized authorization company,” he said.