Automatic Access Flows
Automatic access flows automatically grant and revoke access to a resource based on user context. This access flow type is best used for role-based access control (RBAC) and on-call shift baselines.
To create an automatic access flow, you must define the permitted users and available resources.

Prerequisites
Cloud resources
One or more resources in a cloud platform that has been integrated with Apono If you have not already, integrate Apono with a cloud platform to control access to its resources:
Apono identities
One or more identity sources in the Apono system There are various ways to add identities to Apono:
Define permitted users

Follow these steps to define the permitted grantees:
On the Access Flows page, click Create Access Flow. The Create Access Flow page appears.
Click Automatic. The Automatic fields appear below.
Enter an alphanumeric, user-friendly Access Flow Name.
Click Select attribute to select an IdP attribute, such as User or Group.
(Optional) Click is to select conditional logic from the menu options.
Click Select value to select one or multiple users or groups from the menu options. This selection determines who is permitted to request access.
(Optional) Add another user.
Under the last listed requestor, click +. A new row appears.
Repeat steps 4-7.
Select the conditional logic for the multiple requestors.
ConditionDescriptionAND
(Default) Allows the user to request access if they meet all the attributes of the user group
OR
Allows the user to request access if they meet any of the attributes of the user group
Define the resource

You can define access to specific resources in an Apono integration, bundle, or access scope.
To ensure you do not exceed the AWS inline policy character limit, read AWS Limitations when adding AWS resources.
Follow these steps to define access to specific resources:
Under They will have access to, click Select target > Integrations.
Select an integration. The Select resource type panel appears.
Select the resource type.
Click Done. The panel closes.
Click permissions. The Permissions menu appears.
Select one or more permissions to grant the requester.
(Optional) Refine the available resources:
Click in the populated to field. A list of resources appears.
Select one or several resources.
(Optional) Add another target:
Click + at the end of the row. A new target row appears.
Repeat steps 1-7 or add a bundle or access scope.
Add a label

Follow this step to add an access flow label:
In the Access flow labels, enter a value and press Enter OR select an existing label.
Review the access flow
After defining the permitted users and resource, follow these steps to review and save an automatic access flow:
Click Review and Create. The Automatic Access Flow Summary appears.
Click Create and Grant.
Last updated
Was this helpful?