Integrating with Apono

How Apono integrations work and what to expect

Intro

To manage just-in-time access, Apono needs to integrate with your cloud applications. Our integration:

  1. Syncs data on users, resources and permissions
  2. Automates granting and revoking of users' access to cloud resources

Each integration requires:

  1. An installed connector in your cloud environment
  2. A specific configuration, which may include:
    1. A role created for Apono
    2. Metadata like proxy address, hostname, port, region, clusters, secret store, etc.
      To learn more about each integration's required config, visit the integration guide or read our public API metadata guide here.

Apono's unique architecture makes the integration extra secure. Learn more here.

How it works

  1. Install a connector
    1. A connector can be installed on AWS (using CloudFormation [ECS], Terraform [EKS], CLI [EKS]), GCP (using CLI [GKE]), Azure (using Terraform or CLI) or Kubernetes (using Terraform or Helm).
    2. Follow this guide
    • If you have installed a connector in the past, you may use it for more than 1 integration
  2. Follow the integration guide
    According to each integration's requirements, supply Apono with:
    1. The role or permission needed to manage access
    2. The metadata to complete the integration
    • During this process, you may be required to leave Apono and complete some steps in the source application portal
  3. Give the integration a name
    1. The integration name is used when creating Access Flows
    2. This name will be displayed to end-users when creating access requests
  4. Wait for the first sync to complete
    1. Follow the status in the Connected tab of the Integrations page. A healthy integration looks like this:
    2. In case of error, follow our troubleshooting guide
  5. All set! Create Access Flows with your new integration

This is what a healthy AWS Account integration process looks like when using an existing connector:

Integration types

Apono currently supports 3 types of integrations:

  1. Resources - these integrations sync data on resources and permissions. Apono then manages JIT access to these resources by granting and revoking users' access based on the Access Flows.
    1. Cloud infrastructure
    2. Databases
    3. CI/CD and development tools
    4. Network and VPN
    5. IdP groups
  2. User information - these integrations sync data on your users and their attributes, like manager, shift, groups, etc.
    1. Identity providers (IdP)
    2. Incident response/on-call tools
    3. IT service management (ITSM) tools
  3. Communications (chat-ops)

Browse our integrations catalog here or in the app

Integrating cloud environments

Overview

Whether you manage your cloud environment in AWS, GCP or Azure, Apono lets you integrate all your cloud services at once!

This means you can manage your entire environment with Apono in a single integration: Apono integrates multiple cloud services from the same AWS Account, GCP Project or Azure Subscription.

In AWS, simply install the connector and secret on any Account you'd like to manage, provide the region, and we will do the rest: we'll sync all your resource types, like EC2, RDS, S3 buckets, IAM roles and policies, ECR, EKS, and more, all at once.

In GCP, simply install the connector and secret on any Project you'd like to manage and we will do the rest: we'll sync all your resource types, like BigQuery tables, Spanner, Storage, and more all at once.

In Azure, simply install the connector and secret on any Subscription you'd like to manage, and we will do the rest: we'll sync all your resource types, like Storage, MySQL, PostgreSQL, and more all at once.

How it works

  1. Go to the Apono Integrations page and click the Catalog tab.
  2. Pick your cloud provider: AWS, GCP or Azure
  3. Pick the level you'd like to integrate on:
    1. AWS:
      1. Pick Organization to manage access to the SSO Identity Center
      2. Pick Account to sync and manage access to a specific Account and multiple services it contains
    2. GCP:
      1. Pick Organization to manage access to the Organization or Folder roles.
      2. Pick Project to sync and manage access to a specific Project and multiple services it contains
    3. Azure:
      1. Pick Subscription to sync and manage access to a specific Resource Group and multiple services it contains
  4. Provide Apono with the required configuration, and you're done! We'll sync all the services for you.
  5. You'll be redirected to the Connected tab, where you can see your integrations and all the services or resource types that were synced for it.
    This is also the place to see and troubleshoot integration errors and create new Access Flows.