Apono Users Management

Manage Apono users: Admins, End-Users and Contractors

Intro

Apono is a just-in-time, on-demand, temporary access platform.

Apono currently supports 3 types of users:

  1. Admin
  2. End-user or Grantee
  3. External requester

How to manage Apono Users

Admin

Your Apono account is managed by Admins. Admins can use the Apono web app or IAAC tools of choice to manage integrations, create and edit Access Flows, create and export audit logs reports, view and manage synced identities, and use the Access Graph for access visibility. They also manage Apono users.

Onboarding

  1. New to Apono? Signup to create an account
  2. Invite your teammates and colleagues from DevOps, DevSecOps, IAM, IT or Security as admins
    1. Click your account icon
    2. Go to Administration -> Users
    3. Click "Invite User"
    4. Insert Email, Role (pick "Admin"), Full Name and Phone Number (optional)
  1. New admins will receive an email from Apono

Actions

Apono admins can perform the following actions:

  1. View the dashboard
  2. Create and edit Access Flows
  3. Create Access Bundles
  4. Create and manage integrations
  5. View activity logs and create audit reports
  6. View synced identities
  7. Use the Access Graph for access visibility
  8. Generate API tokens
  9. Invite and delete users and change their roles

End-user (Grantee)

Apono integrates with your identity provider (IdP) to sync data on your users. Once synced, every IdP user can become an Apono requester.

πŸ“˜

Learn more about our IdP integrations here

Onboarding and access requests

Onboarding end-users to create access requests with Apono is easy:

  1. Integrate Apono with your IdP
    1. Apono will sync users from your identity provider, along with their groups and manager data
  2. Create an Access Flow for different users and groups
  3. End-users need to install the Apono Slack App, Teams App or CLI
  4. Once installed, users can use the Slack/Teams app or CLI to make access requests and get access details

You can also add Grantees to Apono without syncing your IdP:

  1. Click your account icon
  2. Go to Administration -> Users
  3. Click "Invite User"
  4. Insert Email, Role (pick "Grantee"), Full Name and Phone Number (optional)
  5. New grantees will receive an email from Apono and can log in to the End User Portal.

πŸ“˜

Read more about the Apono developer web portal here.

Actions and permissions

End-users cannot visit the Apono web app or use IAAC manage integrations or Access Flows.

If end-users arrive to the Apono app by mistake, they will see the following message:

Working with external users

Every company depends on 3rd party users, like consultants, contractors, and other external users, who require access to company resources from time to time.

Apono lets you manage Just-in-Time access for these users:

  • Without an account in your IdP or cloud applications
  • Without an email in your domain
  • Without downloading any software or client
  • Without access to your communications workspaces, like Slack or Teams

How to use it?

  1. Create a new Access Flow or edit an existing Access Flow
  2. Instead of "When user requests access", pick "User opens access link"
  1. When an external user requires access, they can visit a the access link and request the access as needed.