LogoLogo
Documentation and Guides
Documentation and Guides
  • ABOUT APONO
    • Why Choose Apono
    • Security and Architecture
    • Glossary
  • GETTING STARTED
    • How Apono Works
    • Getting started
    • Access Discovery
    • Integrating with Apono
  • CONNECTORS AND SECRETS
    • Apono Integration Secret
    • High Availability for Connectors
    • Installing a connector with Docker
    • Manage integrations
    • Manage connectors
    • S3 Storage
  • AWS ENVIRONMENT
    • AWS Overview
    • Apono Connector for AWS
      • Installing a connector on EKS Using Terraform
      • Updating a connector in AWS
      • Installing a connector on AWS ECS using Terraform
    • AWS Integrations
      • Integrate an AWS account or organization
        • Auto Discover AWS RDS Instances
        • AWS Best Practices
      • Amazon Redshift
      • RDS PostgreSQL
      • AWS RDS MySQL
      • Integrate with EKS
      • AWS Lambda Custom Integration
      • EC2 via Systems Manager Agent (SSM)
  • AZURE ENVIRONMENT
    • Apono Connector for Azure
      • Install an Azure connector on ACI using Azure CLI
      • Install an Azure connector on ACI using PowerShell
      • Install an Azure connector on ACI using Terraform
      • Updating a connector in Azure
    • Azure Integrations
      • Integrate with Azure Management Group or Subscription
        • Auto Discover Azure SQL Databases
      • Azure MySQL
      • Azure PostgreSQL
      • Integrate with AKS
  • GCP ENVIRONMENT
    • Apono Connector for GCP
      • Installing a GCP connector on Cloud Run using CLI
      • Installing a GCP connector on GKE using CLI (Helm)
      • Installing a GCP connector on GKE using Terraform
      • Updating a connector in Google Cloud
    • GCP Integrations
      • Integrate a GCP organization or project
      • CloudSQL - MySQL
      • CloudSQL - PostgreSQL
      • Google Cloud Functions
      • Integrate with GKE
      • AlloyDB
  • KUBERNETES ENVIRONMENT
    • Apono Connector for Kubernetes
      • Installing a connector on Kubernetes with AWS permissions
      • Updating a Kubernetes connector
    • Kubernetes Integrations
      • Integrate with Self-Managed Kubernetes
  • ADDITIONAL INTEGRATIONS
    • Databases and Data Repositories
      • Microsoft SQL Server
      • MongoDB
      • MongoDB Atlas
      • MongoDB Atlas Portal
      • MySQL
      • Oracle Database
      • PostgreSQL
      • RabbitMQ
      • Redis Cloud (Redislabs)
      • Snowflake
      • Vertica
      • MariaDB
    • Network Management
      • SSH Servers
      • RDP Servers
      • Windows Domain Controller
      • AWS EC2 SSH Servers
      • Azure VM SSH Servers
      • Installing the Apono HTTP Proxy
    • Development Tools
      • GitHub
      • Rancher
    • Identity Providers
      • Okta SCIM
      • Okta Groups
      • Okta SSO for Apono logins
      • Google Workspace (Gsuite)
      • Google Workspace (GSuite) Groups
      • Azure Active Directory (Microsoft Entra ID)
      • Azure Active Directory (Entra ID) Groups
      • Jumpcloud
      • JumpCloud Groups
      • OneLogin
      • OneLogin Group
      • LDAP Groups
      • The Manager Attribute in Access Flows
      • HiBob
      • Ping Identity SSO
    • Incident Response Integrations
      • Opsgenie
      • PagerDuty
      • VictorOps (Splunk On-Call)
      • Zenduty
    • ChatOps Integrations
      • Slack integration
      • Teams integration
      • Backstage Integration
    • Secret Management
      • 1Password
  • WEBHOOK INTEGRATIONS
    • Webhooks Overview
    • Anomaly Webhook
    • Audit Log Webhook
    • Request Webhook
      • Custom Webhooks
      • Communications and Notifications
        • Slack Outbound Webhooks
        • Teams
        • Outlook and Gmail (Using Azure Logic App)
      • ITSM
        • Freshdesk
        • Jira
        • ServiceNow
        • Zendesk
        • Freshservice
        • ServiceDesk Plus
      • Logs and SIEMs
        • Coralogix
        • Datadog
        • Logz.io
        • Grafana
        • New Relic
        • SolarWinds
        • Sumo Logic
        • Cortex
        • Logpoint
        • Splunk
        • Microsoft Sentinel
      • Orchestration and workflow builders
        • Okta Workflows
        • Torq
    • Integration Webhook
    • Webhook Payload References
      • Audit Log Webhook Payload Schema Reference
      • Webhook Payload Schema Reference
    • Manage webhooks
    • Troubleshoot a webhook
    • Manual Webhook
      • ITSM
        • PagerDuty
  • ACCESS FLOWS
    • Access Flows
      • What are Access Flows?
    • Create Access Flows
      • Self Serve Access Flows
      • Automatic Access Flows
      • Access Duration
    • Manage Access Flows
      • Right Sizing
    • Revoke Access
    • Dynamic Access Management
      • Resource and Integration Owners
    • Common Use Cases
      • Ensuring SLA
      • Protecting PII and Customer Data
      • Production Stability and Management
      • Break Glass Protocol
    • Create Bundles
    • Manage Bundles
  • ACCESS REQUESTS AND APPROVALS
    • Slack
      • Requesting Access with Slack
      • Approving Access with Slack
      • Reviewing historical requests with Slack
    • Teams
      • Requesting Access with Teams
      • Approving Access with Teams
    • CLI
      • Install and manage the Apono CLI
      • Requesting Access with CLI
    • Web Portal
      • Requesting Access with the Web Portal
      • Approving Access with the Web Portal
      • Reviewing historical requests with the Web Portal
    • Freshservice
    • Favorites
  • Inventory
    • Inventory Overview
    • Inventory
    • Access Scopes
    • Risk Scores
    • Apono Query Language
  • AUDITS AND REPORTS
    • Activity Overview
      • Activity
      • Create Reports
      • Manage Reports
    • Compliance: Audit and Reporting
    • Auditing Access in Apono
    • Admin Audit Log (Syslog)
  • HELP AND DEBUGGING
    • Integration Status Page
    • Troubleshooting Errors
  • ARCHITECTURE AND SECURITY
    • Anomaly Detection
    • Multi-factor Authentication
    • Credentials Rotation Policy
    • Periodic User Cleanup & Deletion
    • End-user Authentication
    • Personal API Tokens
  • User Administration
    • Role-Based Access Control (RBAC) Reference
    • Create Identities
    • Manage Identities
Powered by GitBook
On this page
  • Find an identity
  • Edit an identity
  • Delete an identity
  • Additional user actions

Was this helpful?

Export as PDF
  1. User Administration

Manage Identities

Find, edit, and delete existing Apono identities

PreviousCreate Identities

Last updated 7 months ago

Was this helpful?

After creating identities, you can manage your identity context information. The Apono UI enables you to find, edit, delete, and manage identities.

Find an identity

You can search for and to view their related information.

Find a user

Follow these steps to locate a user in the Apono UI:

  1. From the left navigation, click Identities > Users. The Users tab appears with a list of all existing and synced users.

The Users tab displays context information related to each user:

  • Name

  • Email address

  • Role (Admin, Grantee)

  • Attributes synced from the IdP

  • Status (Active, Disabled) NOTE: The user status is derived from the IdP. Users who are Disabled in the IdP cannot request or receive access with Apono.

This information is intended to help you quickly identify specific users.

  1. In the search bar, enter the name or email of a user. All matching users appear.

  2. (Optional) Apply one or more filters.

Apono Role

Role assigned to the user

Follow this step to apply the filter:

Group

Group associated with the user

Follow this step to apply the filter:

  1. From the Group dropdown menu, select one or more groups.

More Filters

Attributes associated with the user

Follow this step to apply the filter:

  1. From the More Filters dropdown menu, select one or more attributes.

After searching and applying filters, only users with matching criteria appear on the Users tab.

Find a group

Follow these steps to locate a group in the Apono UI:

  1. From the left navigation, click Identities > Groups. The Groups tab appears with a list of all existing and synced groups.

The Groups tab displays context information related to each group:

  • Name

  • Source (Apono, IdP service)

This information is intended to help you quickly identify specific groups.

  1. In the search bar, enter the name of a group. All matching groups appear.

  2. (Optional) Click View Members. The View Group menu appears with a list of all users associated with the group.

Edit an identity

Edit a user

You can edit roles for both Apono-created and IdP-created users in the Apono UI.

Follow these steps to edit a user:

  1. From the left navigation, click your user icon > Administration. The Profile popup window appears.

  2. From the left navigation of the popup window, click Users. The Users window appears with a list of all Apono-created users.

  3. In the row of your desired user, click â ‡> Edit roles. The Edit Roles menu appears.

  4. From the dropdown menu, select a role for the user to assume in Apono:

Role
Description

Admin

Has access to resources by default and grants access to resources

Grantee

Requests and receives access to resources

  1. Click Update. The Edit Roles menu closes, and the user role updates.

  2. In the top right corner of the page, click X. The Profile popup closes.

Edit a group

You can only edit groups created in the Apono UI.

You cannot edit groups that are synced from your IdP. To modify these groups, you must edit them through your IdP service.

Follow these steps to edit an Apono-created group:

  2. In the row of the group, in the row of the user, click â ‡> Edit. The Edit Group menu appears.

  3. Enter new group fields (steps 2-3).

  4. Click Update Group. A green notification appears to signal a successful update.

Delete an identity

Delete a user

Deleting a user irreversibly removes the identity from the Apono system, including from any associated groups and access flows.

You can only delete users created in the Apono UI. You cannot delete users that are synced from your IdP. To remove these users, you must delete them through your IdP service.

Follow these steps to delete an Apono-created user:

  1. From the left navigation, click your user icon > Administration. The Profile popup window appears.

  2. From the left navigation of the popup window, click Users. The Users window appears with a list of all Apono-created users.

  3. In the row of your desired user, click â ‡> Delete User. The Delete User prompt appears.

  4. Click Delete. The user is deleted from Apono.

  5. In the top right corner of the page, click X. The Profile window closes.

Delete a group

Deleting a group irreversibly removes the identity from the Apono system, including from any associated access flows.

You can only delete groups created in the Apono UI.

You cannot delete groups that are synced from your IdP. To remove these groups, you must delete them through your IdP service.

Follow these steps to delete an Apono-created group:

  2. In the row of the group, click â ‡> Delete. The deletion prompt appears.

  3. Click Yes. The group is deleted from Apono.

Additional user actions

In addition to finding, editing, or deleting users, the Apono UI also allows you to perform other tasks to manage users.

Disable a user

Disabling a user prevents the user from requesting or receiving access to any resources controlled by Apono.

You can only disable users created in the Apono UI.

You cannot disable users that are synced from your IdP. You must disable these users through your IdP service.

Follow these steps to disable an Apono-created user:

  1. From the left navigation, click your user icon > Administration. The Profile popup window appears.

  2. From the left navigation of the popup window, click Users. The Users window appears with a list of all Apono-created users.

  3. In the row of your desired user, click â ‡> Disable User. The Disable User prompt appears.

  4. Click Proceed. The user is disabled.

  5. In the top right corner of the page, click X. The Profile window closes.

Resend a user invitation email

Apono invites new users to the system via email. If an invitation expires before the user has accepted it, you will need to resend the invitation email.

Follow these steps to resend an invitation email:

  1. From the left navigation, click your user icon > Administration. The Profile popup window appears.

  2. From the left navigation of the popup window, click Users. The Users window appears with a list of all Apono-created users.

  3. In the row of your desired user, click â ‡> Resend invitation email. A new invitation email is sent.

  4. In the top right corner of the page, click X. The Profile window closes.

Log out a user session

Apono allows admins to manually log out user sessions. This enhances security by ensuring that a user does not inadvertently remain logged in beyond a safe duration.

Follow these steps to log out a user session:

  1. From the left navigation, click your user icon > Administration. The Profile popup window appears.

  2. From the left navigation of the popup window, click Users. The Users window appears with a list of all Apono-created users.

  3. In the row of your desired user, click â ‡> Log out user sessions. The user is logged out.

  4. In the top right corner of the page, click X. The Profile window closes.

\

From the Apono Role dropdown menu, select Admin or Grantee. NOTE: For more information on Apono roles, see .

You can edit both and identities.

.

You can delete both and identities.

.

user
group
Find a group
user
group
Find a group
Edit a user
users
groups
Identities page
Editing a user
Editing a group
Deleting a user
Deleting a group