Resource and Integration Owners

Learn about resource and integration owners

A resource owner is a group or role responsible for a specific resource within a cloud environment, such as AWS, GCP, Azure, or Kubernetes. When you assign a resource owner, this group or role will manage approving or rejecting access to that specific resource.

A resource must also have an integration owner. The integration owner is a fallback individual or group responsible for managing all integration resource access when a resource owner cannot be identified.


Prerequisite

| Item | Description |
| --- | --- |
| Identity Provider Integration | Integration between Apono and an identity provider that enables managing the access of your users and groups |
| Tags | Key-value pair identifying owners in your cloud environment |

Follow these steps to define the resource owner tag:

  1. In your cloud environment, initiate the process for creating a tag.

  2. For the name of the tag, enter a role name, such as owner.

  3. For the value of the tag, enter the name of the group, role, or other identity provider (IdP) attribute. The value must correspond with an identifier within an IdP platform used by your organization and integrated with Apono.

When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono. This approach leverages your existing tag strategy and allows for dynamic, granular control over resource ownership.
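The following Python sketch is an added example, not Apono code. It audits a tag inventory before you rely on tag-based ownership, listing every resource whose approvals would land on the integration owner because the owner tag is missing or its value does not match an IdP identifier. The inventory, group names, the `cloud-security` fallback and the exact, case-sensitive matching rule are all assumptions made for illustration.

```python
OWNER_TAG_KEY = "owner"  # assumed tag name, matching the example in step 2

def resolve_owner(tags, idp_groups, integration_owner, key=OWNER_TAG_KEY):
    """Return (approver, source, note) for one resource's tag dict."""
    if key not in tags:
        # Assumption: tag keys are compared case-sensitively.
        similar = [k for k in tags if k.lower() == key.lower()]
        note = f"no '{key}' tag"
        if similar:
            note += f"; found similar key '{similar[0]}'"
        return integration_owner, "integration_owner", note
    value = tags[key]
    if value in idp_groups:
        return value, "resource_owner", ""
    # Assumption: the value must match an IdP identifier exactly.
    norm = value.strip().lower()
    near = sorted(g for g in idp_groups if g.lower() == norm)
    note = f"'{value}' is not an IdP identifier"
    if near:
        note += f"; closest match '{near[0]}'"
    return integration_owner, "integration_owner", note

def audit(resources, idp_groups, integration_owner, key=OWNER_TAG_KEY):
    """Return (resource_id, reason) for every resource that hits the fallback."""
    findings = []
    for rid, tags in sorted(resources.items()):
        _, source, note = resolve_owner(tags, idp_groups, integration_owner, key)
        if source == "integration_owner":
            findings.append((rid, note))
    return findings

# Constructed sample data: group names exported from the IdP and a tag inventory.
IDP_GROUPS = {"data-platform-admins", "payments-sre"}
INTEGRATION_OWNER = "cloud-security"  # hypothetical fallback group
RESOURCES = {
    "rds/orders-db": {"owner": "data-platform-admins", "env": "prod"},
    "s3/payments-archive": {"owner": "Payments-SRE"},  # case mismatch
    "eks/batch-cluster": {"env": "dev"},               # owner tag missing
    "vm/legacy-etl": {"owner": "etl-team"},            # group not in the IdP
    "gcs/reports": {"Owner": "payments-sre"},          # key differs in case
}

if __name__ == "__main__":
    for rid, reason in audit(RESOURCES, IDP_GROUPS, INTEGRATION_OWNER):
        print(f"{rid}: falls back to {INTEGRATION_OWNER} ({reason})")
```

A long findings list means the integration owner is approving most requests, which defeats the granular ownership the tags are meant to provide.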


Set the resource and integration owners

This section explains how to set the resource and integration owners for an existing integration. For a new integration, follow the steps in the integration-specific guide.

Integration Owner and Resource Owner sections

Follow these steps to define the resource and integration owners for an existing integration:

  1. On the Connected tab of the Integrations page, at the end of the row of an existing integration, click ⋮ > Edit. The Edit Integration page appears.

  2. Under Resource Owner, enter the Key name. This value is the name of the tag created in your cloud environment.

  3. From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated.

Apono will use the value associated with the key (tag) to identify the resource owner.

When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.

  4. Under Integration Owner, from the Attribute dropdown menu, select User or Group under the relevant IdP platform.

This setting is required and is the fallback resource owner if a resource owner cannot be identified.

  5. From the Value dropdown menu, select one or multiple users or groups.

  6. Click Update.
