# Revoke Access

A big, often overlooked part of access management is revoking access: de-provisioning access, removing group membership and deleting orphaned accounts.

Apono helps **automate** this process as part of its access lifecycle:

![](https://files.readme.io/a68f931-Screen_Shot_2023-07-04_at_12.16.02.png)

## Benefits of working with Apono

### Automated grant & revoke

Apono helps automate the entire access lifecycle:

1. The admin defines the access lifetime per app, environment, resource and permission

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-84df9124c9d51a11099142b7217e61b9aa5686da%2Frevoking-access-1.png?alt=media" alt="" width="375"><figcaption></figcaption></figure>

2. The user requests access with Slack, Teams or CLI
3. According to each [Access Flow](https://docs.apono.io/docs/access-flows/access-flows), access is approved automatically or by approver(s)
4. When the access lifetime ends, Apono revokes the access for you automatically

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-e4618cf46f01ec06f0e15f964c997bafbe5ebe91%2Frevoking-access-2.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

5. All requests, approvals, grants and revocations are fully audited

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-5371685a738730d9dc08a18d2ed1be6b97edfb85%2Frevoking-access-3.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="success" %}
Congratulations! You just automated the complete access lifecycle, saving time and resources and reducing standing access.
{% endhint %}

### Panic button

Apono serves as your central control tower for shutdown. In case of an **emergency or incident**, you can revoke all active access directly from Apono:

1. Admins can use the Apono UI to find and revoke all active access\
   ![Revoke active access to S3 buckets with Apono](https://files.readme.io/faa8a77-2023-07-03_16.06.32.gif)
2. Approvers (managers, resource owners, developers on duty, DevOps, DevSecOps, SRE, IAM Ops, CISO or anyone else you want) can revoke access
3. End users can revoke their own access

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-8061f1259ab3788500126aacfbb8380e46fefd8f%2Frevoking-access-4.png?alt=media" alt="" width="379"><figcaption></figcaption></figure>

### Admin and approver control

With Apono, admins and approvers have full control over who can access what:

1. Admins can define Access Flows with automatic revocation
2. Admins can find all active access and revoke it

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-67e034d54b5465e507c869c54319c344e26cb572%2Frevoking-access-5.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

3. Approvers (managers, resource owners, developers on duty, DevOps, DevSecOps, SRE, IAM Ops, CISO or anyone else you want) can revoke all the active access they approved

### Access visibility

It's hard to keep track of all the active access in the organization. Access can be granted in the IdP to users and groups, or granted to users directly from apps' IAM portals, using roles, permission sets or users (personal or shared).

This causes access drift, shadow admins, orphaned accounts, partial offboarding and unused access, which increases downtime and attack risks.

Apono lets you find out who has access to what in the organization:

**BEFORE**

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-8f84bc5bbbfede9238620c040e730fde5d47c002%2Frevoking-access-6.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

Take standing access for users and groups and turn it into dynamic, just-in-time, on-demand, temporary access. It's **dynamic, easy to manage and fully audited**.

**AFTER**

![](https://files.readme.io/3e4bc3e-image.png)
