Automatic access flows automatically grant and revoke access to a resource based on user context. This access flow type is best used for role-based access control (RBAC) and on-call shift baselines.
Last updated
Was this helpful?
To create an automatic access flow, you must define the permitted users and available resources.
Cloud resources
One or more resources in a cloud platform that has been integrated with Apono If you have not already, integrate Apono with a cloud platform to control access to its resources:
Apono identities
One or more identity sources in the Apono system There are various ways to add identities to Apono:
Follow these steps to define the permitted requestors:
On the Access Flows page, click Create Access Flow. The Create Access Flow page appears.
(Optional) Configure Settings.
Click Automatic. The Automatic fields appear below.
Enter an alphanumeric, user-friendly Access Flow Name.
Click Select attribute to select an IdP attribute, such as User or Group.
(Optional) Click is to select conditional logic from the menu options.
Other operators include the following:
Is not
Contains
Does not contain
Starts with
Click Select value to select one or multiple users or groups from the menu options. This selection determines who is permitted to request access.
(Optional) Add another user.
Under the last listed requestor, click +. A new row appears.
Repeat steps 5-8.
Select the conditional logic for the multiple requestors.\
AND
(Default) Allows the user to request access if they meet all the attributes of the user group
OR
Allows the user to request access if they meet any of the attributes of the user group
You can define access to specific resources in an Apono integration, bundle, or access scope.
To ensure you do not exceed the AWS inline policy character limit, read AWS Limitations when adding AWS resources.
Follow these steps to define access to specific resources:
Under They will have access to, click Select target > Integrations.
Select an integration. The Select resource type panel appears.
Select the resource type.
Click Done. The panel closes.
Click permissions. The Permissions menu appears.
Select one or more permissions to grant the requester.
(Optional) Refine the available resources:
Click in the populated to field. A list of resources appears.
Select one or several resources.
By default, the user has access to Any resources. However, the following options allow you to define access more granularly:
Any resources except specific
Select by name
Select by tags
(Optional) Add another target:
Click + at the end of the row. A new target row appears.
Repeat steps 1-7 or add a bundle or access scope.
After defining the permitted users and resource, follow these steps to review and save an automatic access flow:
Click Review and Create. The Automatic Access Flow Summary appears.
The access flow summary provides a visual overview of the relationship between the requesters and the target resource.
Click Create and Grant.
By clicking (new tab icon), you can view the contents of an access scope in a new browser tab.
