Home
API Reference

Automatic Access Flows

Automatic access flows automatically grant and revoke access to a resource based on user context. This access flow type is best used for role-based access control (RBAC) and on-call shift baselines.

To create an automatic access flow, you must define the permitted users and available resources.

Create Access Flow page

Prerequisites

ItemDescription

Cloud resources

One or more resources in a cloud platform that has been integrated with Apono If you have not already, integrate Apono with a cloud platform to control access to its resources:

Apono identities

One or more identity sources in the Apono system There are various ways to add identities to Apono:

Define permitted users

Follow these steps to define the permitted requestors:

  1. On the Access Flows page, click Create Access Flow. The Create Access Flow page appears.

  2. (Optional) Configure Settings.

  3. Click Automatic. The Automatic fields appear below.

  4. Enter an alphanumeric, user-friendly Access Flow Name.

  5. Click Select attribute to select an IdP attribute, such as User or Group.

  6. (Optional) Click is to select conditional logic from the menu options.

Other operators include the following:

  • Is not

  • Contains

  • Does not contain

  • Starts with

  1. Click Select value to select one or multiple users or groups from the menu options. This selection determines who is permitted to request access.

  2. (Optional) Add another user.

    1. Under the last listed requestor, click +. A new row appears.

    2. Repeat steps 5-8.

    3. Select the conditional logic for the multiple requestors.\

      ConditionDescription

      AND

      (Default) Allows the user to request access if they meet all the attributes of the user group

      OR

      Allows the user to request access if they meet any of the attributes of the user group

Define the resource

Integrations

You can define access to specific resources in an Apono integration.

Follow these step to define access to specific resources:

  1. Under Request access to, click Select target > Integrations.

  2. Select an integration. The Select resource type panel appears.

  3. Click Done. The panel closes.

  4. Click permissions. The Permissions menu appears.

  5. Select one or more permissions to grant the requester.

  6. (Optional) Refine the available resources:

    1. Click in the populated to field. A list of resources appears.

    2. Select one or several resources.

By default, the user has access to Any resources. However, the following options allow you to define access more granularly:

  • Any resources except specific

  • Select by name

  • Select by tags

  1. (Optional) Add another target:

    1. Click + at the end of the row. A new target row appears.

    2. Repeat steps 1-7.

Bundles

You can define access to a specific bundle.

Follow these steps to define access to a specific bundle:

  1. Click Select target > Bundles.

  2. Select a bundle.

  3. (Optional) To add another bundle, click +. A new target row appears.

  4. Repeat steps 1-2.

Review the access flow

After defining the permitted users and resource, follow these steps to review and save an automatic access flow:

  1. Click Review and Create. The Automatic Access Flow Summary appears.

The access flow summary provides a visual overview of the relationship between the requesters and the target resource.

  1. Click Create and Grant.

PreviousSelf Serve Access FlowsNextApply Admin Settings

Last updated