Automatic access flows automatically grant and revoke access to a resource based on user context. This access flow type is best used for role-based access control (RBAC) and on-call shift baselines.
Last updated
Was this helpful?
To create an automatic access flow, you must define the permitted users and available resources.
Cloud resources
One or more resources in a cloud platform that has been integrated with Apono If you have not already, integrate Apono with a cloud platform to control access to its resources:
Apono identities
One or more identity sources in the Apono system There are various ways to add identities to Apono:
Follow these steps to define the permitted grantees:
Click Automatic. The Automatic fields appear below.
Enter an alphanumeric, user-friendly Access Flow Name.
Click Select attribute to select an IdP attribute, such as User or Group.
(Optional) Click is to select conditional logic from the menu options.
Click Select value to select one or multiple users or groups from the menu options. This selection determines who is permitted to request access.
(Optional) Add another user.
Under the last listed requestor, click +. A new row appears.
Repeat steps 4-7.
Select the conditional logic for the multiple requestors.
AND
(Default) Allows the user to request access if they meet all the attributes of the user group
OR
Allows the user to request access if they meet any of the attributes of the user group
You can define access to specific resources in an Apono integration, bundle, or access scope.
Follow these steps to define access to specific resources:
Under They will have access to, click Select target > Integrations.
Select an integration. The Select resource type panel appears.
Select the resource type.
Click Done. The panel closes.
Click permissions. The Permissions menu appears.
Select one or more permissions to grant the requester.
(Optional) Refine the available resources:
Click in the populated to field. A list of resources appears.
Select one or several resources.
(Optional) Add another target:
Click + at the end of the row. A new target row appears.
Follow this step to add an access flow label:
In the Access flow labels, enter a value and press Enter OR select an existing label.
Click Review and Create. The Automatic Access Flow Summary appears.
Click Create and Grant.
On the page, click Create Access Flow. The Create Access Flow page appears.
To ensure you do not exceed the AWS inline policy character limit, read when adding AWS resources.
Repeat steps 1-7 or add a or .
To ensure you do not exceed the AWS inline policy character limit, read when adding bundles with AWS resources.
Repeat steps 1-2 or add an or .
(Optional) Click (eye icon) to preview the contents of the access scope in a popup window.
You can also click + Create New Access Scope if none of the existing access scopes meet your needs. The Inventory page appears. You can and the new access scope.
Repeat steps 1-3 or add an or .
A label identifies an access flow for streamlined organization and use. When assigned to an access flow, labels appear in the access flow tiles on the page.
After defining the and , follow these steps to review and save an automatic access flow:
