Building a Borderless Workforce—With Security at the Core
Oyster is a global employment platform that enables companies to hire, pay, and manage talent seamlessly—regardless of location.
Founded in 2019, Oyster is making global hiring easier for businesses and workers alike. With a fully distributed team spanning over 60 countries, Oyster helps organizations in 180+ countries build world-class teams without being constrained by borders. Trusted by companies like Aston Martin, Automattic, Culture Amp, and Hired, Oyster is recognized as G2’s leader in global employment platforms.
Oyster’s global HR platform handles highly sensitive employment and personal data, including salaries and legally protected personally identifiable information (PII). Serving customers of all sizes, it is critical that both internal and external teams only access the data and functions necessary for their specific roles, while handling the intricacies of local employment laws. This requires a flexible permissioning system that can quickly accommodate new product features and a growing customer base. That is why the Identity and Access Management (IAM) team at Oyster selected Oso.
The Team Behind Secure Innovation
As the Senior Product Manager at Oyster overseeing IAM, Eduarda Osthoff leads a team responsible for both authentication and authorization services. By establishing a central framework for roles and permissions, Eduarda and her team enable Oyster’s development squads to build new services into the HR platform—while ensuring security and regulatory compliance remain top priorities.
HR teams have many different responsibilities, and authorization systems have to be flexible enough to handle them all. Think talent acquisition, identity verification (“Know Your Customer, Know Your Employee”), onboarding, payroll and benefits administration, performance management, employee relations, and learning and development. In the case of Oyster, this is all while navigating variances in regional regulatory, tax, and cultural requirements.

Eduarda describes her team’s mission: “To empower our customers and Oyster with the pinnacle of not only authentication and authorization, but also integration with other HR Information Systems and identity verification for employees hired through our platform.”
Too Complex, Too Slow: Why Oyster Moved Beyond In-House Authorization
Oyster started out building their own authorization system. From day one, they had to support three distinct authorization models—Role-Based Access Control (RBAC), Relationship-Based Access Control (ReBAC), and Attribute-Based Access Control (ABAC). This created significant complexity for the IAM team.
Building a fully-fledged authorization system in-house took a lot of time and energy. We quickly realized it would be best to focus on our core business and offload most of the heavy lifting and maintenance to a specialized provider.
- Eduarda Osthoff, Senior Product Manager at Oyster
Oyster’s in-house authorization system soon revealed its limitations as the business grew. The existing framework lacked flexibility and struggled to support the complex requirements of HR apps:
- Hierarchical Structures: HR platforms always have org charts and user hierarchies, leading to layered role and permission inheritance. For example, managers can view data for their team, while higher-level managers inherit access to broader groups. Enterprises using HR systems frequently demand the ability to customize roles, permissions, and access rules to fit their unique org structures.
- Cross-Functional Access Needs: In addition to HR, functions like finance, legal, and IT require selective, role-based access to employee data across the entire organization—creating complex, overlapping permission requirements.
- Embedded & Integrated Systems: HR systems are often integrated with or embedded into other enterprise back-office applications. This makes it impractical to hard-code authorization logic within business logic—there needs to be a clear, externalized way to check permissions across system boundaries.
Security was another concern. Manual role assignment, and the application recoding needed to implement new permissions, left the system prone to errors, increasing the risk of granting incorrect permissions and exposing sensitive data to the wrong users. Adding new roles was equally problematic. Each implementation was labor-intensive, with no way to easily reuse previous work. In one case, developing a single new role consumed over three months of engineering effort because authorization code had to be modified in multiple locations in the code base.
From Evaluation to Execution: Building The Case for Oso
Oyster needed an authorization solution that was:
- Scalable: Ready to support thousands more active users and increasingly large enterprise customers.
- Reusable and Reliable: Allowing teams across the company to design specialized roles and permissions without rebuilding from scratch. Reliability is critical because if the authorization service goes down, so does Oyster.
- Auditable: Enabling clear records and oversight to satisfy stringent internal and external compliance demands.
- Future-Proof: Flexible enough to accommodate new roles, permission types, and unanticipated changes to the platform.
“Implementation time, reusability, reliability, auditability, and future-proofing were our key goals,” says Eduarda. “We wanted something that would still serve us well as we evolve and grow.”

During the initial assessment, Oyster considered four authorization providers, narrowing down to two after further research. The team ran proofs of concept to evaluate how well each option handled complex policy requirements, along with its performance, documentation, and support quality.
Why did we select Oso? Because the product was solid, the documentation stellar, and the support excellent. Whenever we encountered issues—performance or otherwise—the Oso team was quick to respond and implement any necessary changes. They really stood out.
- Eduarda Osthoff
More than product training, the Oso Authorization Academy quickly became a go-to resource for Oyster’s developers to master advanced, vendor-neutral authorization concepts they can apply daily—whether using Oso or not.
One Framework, Every Access Model: How Oyster and Oso Simplified the Complex
Oyster’s IAM team ultimately chose Oso for its ability to unify RBAC, ReBAC, and ABAC models under one robust authorization service. By consolidating these models into a single, maintainable framework, Oyster gained the flexibility to tailor permissions for every use case—from smaller clients with simpler role structures to enterprise customers and partners requiring highly granular access policies, through to internal legal and compliance teams.
- External Drivers Unlocking Expansion Into New Markets: Enterprise customers face the challenges discussed earlier—hierarchical structures, cross-functional access needs, and integration into back-office suites. Oso proved a perfect fit to meet all of these requirements.
- Internal Drivers Supporting Business Growth: As Oyster grew, internal teams like InfoSec, Legal, and Compliance required tighter controls over data access. These teams needed assurance that different internal groups could only access the data relevant to their responsibilities, with the ability to restrict certain actions entirely. Meeting these demands became critical to maintaining regulatory compliance and protecting sensitive information at scale.
An immediate benefit was how straightforward it became to create and adjust new roles without major rewrites. Developers now define role rules in Oso’s policy files, quickly incorporate them into existing services, and move on. This consistent approach streamlines collaboration across the company’s various product teams—everyone works off the same code patterns and shared authorization logic.
Since adopting Oso in 2023, we've seen huge growth—and Oso has scaled with us. It supports more users, more regions, and evolving feature demands as we move upmarket to larger customers. The beauty of Oso is that we can keep adding new roles or refining existing ones without overhauling our entire infrastructure.
- Eduarda Osthoff
Today the team maintains around 90 policy files written in Polar, Oso’s declarative policy language. These files define the resources they want to control access to and the rules that govern that access. The team supports over 10,000 users, including both internal Oyster staff and external customers.
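To make the three access models concrete, here is an added Python illustration of how RBAC, ReBAC, and ABAC can sit behind one externalized permission check, so that application code asks `is_allowed()` instead of encoding role logic itself. It is not Oso's or Oyster's code and it is not Polar; it only models the behaviour the text describes (managers inheriting access down the org chart, functions like finance getting selective access, and a clear check across system boundaries). The role names, permissions, team hierarchy, the same-country rule on salary data, and all users and records are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# ---- data model (constructed sample types, not Oyster's schema) ----

@dataclass(frozen=True)
class User:
    id: str
    org: str
    country: str                      # ABAC attribute
    roles: frozenset = frozenset()    # org-level RBAC roles


@dataclass(frozen=True)
class Team:
    id: str
    org: str
    manager: str                      # user id: the ReBAC "manager" relation
    parent: Optional[str] = None      # parent team id, forming the org chart


@dataclass(frozen=True)
class Employee:
    id: str
    org: str
    team: str
    country: str


# ---- policy: the one place rules live (the role of a policy file) ----

# RBAC: role -> permissions granted on every employee record in the org
ROLE_PERMISSIONS = {
    "hr_admin": frozenset({"employee:read", "employee:update", "salary:read"}),
    "finance":  frozenset({"salary:read"}),
    "legal":    frozenset({"employee:read"}),
}

# ReBAC: what the "manager" relation grants, directly or via a parent team
MANAGER_PERMISSIONS = frozenset({"employee:read"})

# ABAC: permissions that also require actor and record to share a country
# (constructed stand-in for a local-payroll restriction)
COUNTRY_SCOPED = frozenset({"salary:read"})


class Authorizer:
    """Externalized check: services call is_allowed() and never re-implement
    role logic themselves, so a new role is a policy change, not a code hunt."""

    def __init__(self, teams):
        self.teams = {t.id: t for t in teams}

    def _ancestors(self, team_id):
        """The team and every team above it in the hierarchy (cycle-safe)."""
        seen = set()
        while team_id is not None and team_id not in seen:
            seen.add(team_id)
            team = self.teams.get(team_id)
            if team is None:
                return
            yield team
            team_id = team.parent

    def _manages(self, user, team_id):
        # A manager of an ancestor team inherits the relation downwards,
        # i.e. higher-level managers see broader groups.
        return any(t.manager == user.id for t in self._ancestors(team_id))

    def granted_permissions(self, user, record):
        """Union of RBAC and ReBAC grants, then ABAC constraints applied."""
        if user.org != record.org:
            return frozenset()                 # tenant isolation comes first
        perms = set()
        for role in user.roles:                # RBAC
            perms |= ROLE_PERMISSIONS.get(role, frozenset())
        if self._manages(user, record.team):   # ReBAC
            perms |= MANAGER_PERMISSIONS
        if user.country != record.country:     # ABAC
            perms -= COUNTRY_SCOPED
        return frozenset(perms)

    def is_allowed(self, user, action, record):
        return action in self.granted_permissions(user, record)


# ---- constructed sample data ----
TEAMS = [
    Team("eng", "acme", manager="vp_eng"),
    Team("eng-backend", "acme", manager="lead_be", parent="eng"),
]
ALICE = Employee("alice", "acme", team="eng-backend", country="PT")
VP = User("vp_eng", "acme", country="US")
LEAD = User("lead_be", "acme", country="PT")
CFO = User("cfo", "acme", country="US", roles=frozenset({"finance"}))
PAYROLL_PT = User("payroll_pt", "acme", country="PT", roles=frozenset({"finance"}))
OUTSIDER = User("mallory", "other-co", country="PT", roles=frozenset({"hr_admin"}))

AUTHZ = Authorizer(TEAMS)

if __name__ == "__main__":
    for user, action in [(VP, "employee:read"), (LEAD, "salary:read"),
                         (CFO, "salary:read"), (PAYROLL_PT, "salary:read"),
                         (OUTSIDER, "employee:read")]:
        print(user.id, action, AUTHZ.is_allowed(user, action, ALICE))
```

The design choice worth noting is the order of evaluation: tenant isolation is checked before any role or relation is considered, grants are accumulated from the role and relationship models, and attribute rules are applied last as a filter. That keeps each model's rules independent, which is what lets a new role be added without touching the hierarchy or attribute logic.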
Deploying to Oso Cloud means Oyster’s authorization service is distributed globally, managing access policies right alongside local HR data. This provides both compliance with data sovereignty regulations and blazing fast access with authorization checks typically returning in under 10ms.

The Impact of Oso: Faster, Safer, and Ready for What’s Next
By adopting Oso, Oyster transformed its authorization framework from a bottleneck into a key enabler of business growth, operational efficiency, and security. The impact has been significant:
- 8x Faster Role Implementation: Reusable code and declarative policy logic dramatically reduce development effort and accelerate delivery across engineering teams.
- Flexible, Scalable Permissions: Oso’s architecture allows Oyster to decouple authorization code from application logic so they can easily add and adapt permissions. This helps them support increasingly complex role requirements for both internal teams and enterprise customers.
- Robust Security Controls: Centralized, standardized authorization checks and role changes minimize the risk of human error, whether from mis-assigning roles or from bugs introduced by implementing new roles in application code. This ensures sensitive employment data is only accessible to the right individuals.
- Empowering Growth Initiatives: Oso equips Oyster to confidently meet evolving needs, from supporting client-specific custom roles to meeting strict internal InfoSec and compliance requirements. This has enabled Oyster to sell upmarket into enterprise customers.
I don’t see Oso as just a service provider—it’s a true partnership, one where we can grow together.
- Eduarda Osthoff
Looking ahead, Oyster plans to continue using Oso as the foundation for permissions across new product offerings and services. As their enterprise customer base expands, they’re well-positioned to support more granular role hierarchies and advanced access models—all while maintaining the security and agility needed to stay ahead in a highly regulated, global HR market.
Next Steps
Oyster’s story illustrates that outsourcing complex authorization requirements can free engineering teams to focus on core product innovations. By choosing a partner whose product and support can adapt with your growth, you avoid the ongoing burden of building and scaling an in-house system. For teams at any stage—whether startup or enterprise—Oyster’s experience underscores the value of a flexible, expert-backed authorization solution like Oso to secure your platform and drive business agility.
Curious how to apply these best practices to your own applications? Our engineers are always available to share guidance on getting started with authorization design, scaling complex permission systems, or tackling specific challenges your team faces. Start the conversation by meeting an Oso engineer.
At a glance
- Industry: Technology
- Use Case: HR SaaS Platform
- Region: Global
Challenge
- Slow, Costly Role Creation: Adding new roles was labor-intensive; building a single new role took 3 months in one case. Worse, that effort wasn’t reusable. The team had to start from scratch for each new role.
- Security Gaps and Risk of Errors: Manual processes and application recoding for new permissions increased the risk of granting incorrect access—making it easy to assign the wrong permissions to the wrong roles.
- Rigid and Limiting: The old framework couldn’t adapt quickly enough, limiting Oyster’s ability to serve new markets with larger, more demanding customers and channel partners. This included more finely grained data scoping between different roles such as admins, team managers, and team members, along with dynamic, relationship-based permissions.
Solution
- Unified Authorization Models: Consolidate RBAC, ReBAC, and ABAC into a single, maintainable framework.
- Reusable, Declarative Policies: Oso’s Polar language enables teams to define roles and permissions cleanly and consistently across services, decoupling authorization logic from application code.
- Globally Distributed, Low-Latency Authorization: Oso Cloud manages access policies alongside local HR data, ensuring compliance with data sovereignty regulations while delivering sub-10ms authorization checks.
Results
- 8x Faster Role Implementation: Reusable code and declarative policy logic dramatically reduces development effort and accelerates feature delivery across engineering teams.
- Robust Security Controls: Centralized, standardized authorization checks and role changes minimize the risk of human error, ensuring sensitive employment data is only accessible to the right individuals.
- Empowering Growth Initiatives: Oyster is able to drive new revenue growth from larger enterprise customers and add new channels, both of which demand a much more flexible system for authorization.