What is an Access Flow

An automated dynamic permissions workflow that allows admins to define granular-level access permissions to a set of resources that users may receive based on context, according to an approval policy and for a specified time.



Permissions defined in an Access Flow are not automatically received by the grantee.
The grantee user can request them via the integrated communication channel (e.g. Slack) or through the magic link. Only then will they be received or with approval (depending on the Access Flow).

The context is built from attributes like organizational groups, cloud resource tags, time zones and working hours, on-call schedule and more.
These attributes could be fully dynamic and Apono synchronizes with the source of truth relevant to the attributed context. For instance an integration with OKTA will provide the user groups

The duration is the time the permissions will be valid from the time they are granted to the user. When the timeframe expires the user will receive a notification through the integrated communication channel (e.g. Slack) and the granted permissions be revoked across the resources.

  • If an indefinite timeframe is chosen, the permissions will not be revoked once granted to a user unless the Admin revokes them manually - see the Activity Page to revoke current permissions of a user.
  • Access Flow settings allow Admin to chose whether to allow users to automatically extend their permissions validity - see the Admin Settings.

The approver user/s or group/s of users can be defined in an Access Flow. An Access Flow containing an approval policy will require one of the set approvers to approve the access request whether it is requested via an Apono communication channel (e.g. Slack) or via a shared link.
Admin's defining an Access Flow can choose whether they require an approver in this Access Flow or not.

The Fallback Access Flow Fallback Access Flow is a built-in policy for requests that are not covered by any other policy, these requests are sent to Apono admins for approval and if granted, revoked within 4 hours. Admins can choose whether to enable or disable this Flow.
You can enable/disable this in the Settings Page - Navigate by clicking your Name on the bottom left corner -> Settings -> General


Start building Access Flows here

What’s Next

Check out some of the common Access Flows our Admins defined in their organizations.