# Resource and Integration Owners

A **resource owner** is a group or role responsible for a specific resource within a cloud environment, such as AWS, GCP, Azure, or Kubernetes. When you assign a resource owner, this group or role approves or rejects access requests for that specific resource.

A resource must also have an **integration owner**. The integration owner is a fallback individual or group responsible for managing access to all of the integration's resources when a resource owner cannot be identified.

***

### Prerequisites

<table><thead><tr><th width="230">Item</th><th>Description</th></tr></thead><tbody><tr><td><strong>Identity Provider Integration</strong></td><td>Integration between Apono and an identity provider that enables managing the access of your users and groups</td></tr><tr><td><strong>Tags</strong></td><td><p>Key-value pair identifying owners in your cloud environment</p><p>Follow these steps to define the resource owner tag:</p><ol><li>In your cloud environment, initiate the process for creating a tag.</li><li>For the name of the tag, enter a role name, such as <em>owner</em>.</li><li>For the value of the tag, enter the name of the group, role, or other identity provider (IdP) attribute. The value must correspond with an identifier within an IdP platform used by your organization and integrated with Apono.</li></ol><p>When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono. This approach leverages your existing tag strategy and allows for dynamic, granular control over resource ownership.</p></td></tr></tbody></table>

***

### Set the resource and integration owners

{% hint style="success" %}
This section explains how to set the resource and integration owners for an existing integration. For a new integration, follow the steps in the integration-specific guide.
{% endhint %}

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-91391d2653ef8d96e5e5eeb032686a9d47b67db4%2F2024-08-29_14-33-58.png?alt=media" alt="" width="563"><figcaption><p><em>Integration Owner and Resource Owner sections</em></p></figcaption></figure>

Follow these steps to define the resource and integration owners for an existing integration:

1. On the [**Connected**](https://app.apono.io/catalog/connected) tab of the **Integrations** page, at the end of the row of an existing integration, click **⋮ > Edit**. The **Edit Integration** page appears.
2. Under **Resource Owner**, enter the **Key name**. This value is the name of the tag created in your cloud environment.
3. From the **Attribute** dropdown menu, select the attribute, under the relevant IdP platform, with which the key name is associated.

{% hint style="info" %}
Apono will use the value associated with the key (tag) to identify the resource owner.

When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
{% endhint %}

4. Under **Integration Owner**, from the **Attribute** dropdown menu, select **User** or **Group** under the relevant IdP platform.

{% hint style="info" %}
This setting is required and is the fallback resource owner if a resource owner cannot be identified.
{% endhint %}

5. From the **Value** dropdown menu, select one or multiple users or groups.
6. Click **Update**.
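
Because any resource whose owner cannot be identified falls back to the integration owner, it helps to know before saving how many resources will take that path. The following is an added example, not Apono's code: it audits a tag inventory against the IdP group list. The inventory, group names, the `cloud-platform` fallback and the exact-match rule on tag key and value are all assumptions made for illustration.

```python
"""Pre-flight audit: which resources resolve to a tagged resource owner and
which fall back to the integration owner. All data below is constructed;
exact matching of tag key and value is an assumption, not documented behaviour."""

OWNER_KEY = "owner"                    # the "Key name" entered under Resource Owner
INTEGRATION_OWNER = "cloud-platform"   # hypothetical fallback group

# Constructed sample: group identifiers as they exist in the IdP.
IDP_GROUPS = {"payments-team", "data-eng", "cloud-platform"}

# Constructed sample: resource id -> tags, as exported from a cloud inventory.
INVENTORY = {
    "db-payments": {"owner": "payments-team", "env": "prod"},
    "bucket-logs": {"env": "prod"},              # no owner tag
    "vm-etl":      {"Owner": "data-eng"},        # key differs in case
    "db-legacy":   {"owner": "Payments Team"},   # display name, not an identifier
    "queue-jobs":  {"owner": " data-eng "},      # stray whitespace
}

def resolve_owner(tags, key=OWNER_KEY, groups=IDP_GROUPS, fallback=INTEGRATION_OWNER):
    """Return (approver, reason) for one resource's tags."""
    if key not in tags:
        near = [k for k in tags if k.strip().lower() == key.lower()]
        reason = f"tag key {near[0]!r} does not match {key!r}" if near else "owner tag missing"
        return fallback, reason
    value = tags[key]
    if value in groups:
        return value, "resource owner"
    if value.strip() in groups:
        return fallback, "owner value has surrounding whitespace"
    return fallback, f"owner value {value!r} is not an IdP identifier"

def audit(inventory=INVENTORY):
    """Map every resource to its resolved approver and the reason."""
    return {rid: resolve_owner(tags) for rid, tags in inventory.items()}

def fallback_resources(inventory=INVENTORY):
    """Resources whose requests would land on the integration owner."""
    return sorted(r for r, (_, why) in audit(inventory).items() if why != "resource owner")

if __name__ == "__main__":
    for rid, (approver, why) in audit().items():
        print(f"{rid:12} -> {approver:15} ({why})")
```

A long fallback list means the integration owner is approving access to resources they may not know well, so fix the tags at the source rather than widening the integration owner group.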
