Security Overview

As a security product that is designed to ensure users receive just the right amount of permissions they are required to and only for the limited time they need them, the Apono platform security is of utmost importance.
Apono was architectured with security in mind in order to allow any company to be able to use Apono in their environment.


  • Apono's security architecture allows even the most highly regulated industries to use it in their environments.
  • Users are authenticated with MFA or with the organization’s Identity provider in order to receive access permissions.
  • The Apono platform itself doesn't have access to the environment's data.
  • The Apono platform does not store any secrets or credentials.

Apono's secure architecture:

The Apono platform is built by two separate components: The Web App and the Connector that is fully deployed within the organization’s environment. The Connector has a limited set of template functions that can be invoked and are fully in the organization control as is the Connector itself. This architecture ensures high reliability as well as segregation of environments, keeping any access to the environment within the environment.

The Web App security details:

  • Could only be accessed by admins of the system who've authenticated using the organizational identity provider.
  • Doesn't require access to the organization's environment resources.
  • Integrates with the organizational identity provider as the source of truth for the organizational identities.

The Connector security details:

  • Is completely within the organization's control.
  • At any point in time you can disconnect the connector.
  • The connector's template functions are fully visible and mutable by the organization’s environment owner. These functions limit the ability of the connector to only invoke specific actions that are predefined.
  • No permissions to access the data itself.
  • Does not store any secrets.


  • Apono is Soc2 type II compliant.
  • Apono's centralized access management platform has helped many companies seamlessly pass their Soc2 access control requirements as well.

  • Apono satisfies GDPR and HIPAA requirements and doesn't retain sensitive or personal information.



Who uses Apono?
Many different industries use Apono ranging from insurance, retail, financial and more.

How do users authenticate to the platform?
Users can authenticate using the organizational identity provider or directly with MFA strictly enforced.

Feel free to email any other questions to [email protected]