Security and Architecture

Apono helps you manage just-in-time access in a secure, least privilege way


Apono was built and designed with security in mind so that any company is able to use it in their environment.

We applied the same least privilege principles to our product that Apono unlocks for its users:

  • Ensure users receive just the right amount of permissions they need
  • Ensure users receive access only for the limited time they need them


Apono's secure architecture

The Apono platform is built by two separate components:

  • The Web App
  • The Connector

The web app continuously receives basic data about users, resources and permissions from the connector.

The connector is fully deployed within the organization’s environment and has a limited set of template functions that can be invoked and are fully in the organization control.

This architecture ensures high reliability as well as segregation of environments, keeping any access to the environment within the environment.

The Web App security

Our web app is a portal for admins to create and manage integrations and Access Flows.

The portal:

  • Could only be accessed by admins of the system who've authenticated using the organizational identity provider.
  • Doesn't require access to the organization's environment resources. No roles, permissions, privileges, or actions are granted to the app.
  • Integrates with the organizational identity provider as the source of truth for the organizational identities.
  • Doesn't access your data or environment, and only communicates with the Apono connector.

The Connector security

Our connector is a component you install in your cloud environment (AWS, GCP, Azure, Kubernetes). It communicates with your cloud services and cloud apps using, but not caching or storing, your secrets.

The connector:

  • Is completely within the organization's control, as it is installed in your cloud provider.
  • Can be uninstalled or disconnected at any time without support from Apono.
  • Uses fully visible template functions, mutable by the organization’s environment owner. These functions limit the ability of the connector to only invoke specific actions that are predefined.
  • Has no permissions to access the data itself.
  • Does not store any secrets.


The Apono Connector is High Availability

No downtime, no outages, no problem!

Our Round Robin method helps ensure uptime for your Apono integrations as users request access. Several connector instances will continue provisioning and deprovisioning access as needed.

Your data

When you integrate your cloud applications and IdP with Apono, Apono syncs metadata and configuration information continuously. We only sync basic information needed for access management: users, groups, resources and permissions.


  • Does not read your data, like datasets, files, documents, code, etc.
  • Does not collect any personal data about your employees: Apono needs a user's email, and that's it.
  • Does not store or cache secrets or credentials


Apono does not store or cache any of your secrets.

When a data sync is required, the connector gets the secret from your cloud's Secret Store to access the data it needs. After authenticating, the secret is not saved anywhere.


Credentials rotation as often as you need

When granting access to users, Apono enforces password reset and credentials rotation out of the box to meet the strictest compliance and security standards. Read more here.


Apono and AWS

Apono and GCP

Apono and Azure