Space Management

Enforce clear access boundaries across your organization

Space Management enables clear governance and security boundaries across your account. It is based on the principle of separation of duties, which prevents any single individual or team from having unchecked authority over high-impact actions. By distributing responsibility across well-defined boundaries, organizations reduce risk, prevent misconfigurations, and strengthen compliance.

Apono implements Space Management by dividing the global account into independently governed spaces. Each space contains its own resources, access flows, and delegated administrators. This allows a team to manage only what it owns.

When Space Management is configured for your account, you gain the following benefits:

  • Clear isolation of responsibilities to limit privilege scope and reduce security risk

  • Delegated ownership so teams manage their own access flows and resources without requiring global admin rights

  • Centralized oversight through global visibility, auditing, and activity tracking

  • Improved compliance posture with clean, auditable boundaries between teams and environments


Account Organization

Once Space Management is enabled in your account, Apono organizes the environment into a clear, two-layer structure:

  • Global account, which provides centralized governance

  • Spaces, which provide isolated domains of control

This structure balances delegated control within each space with centralized oversight at the global account level.

Global Account

The global account represents the full environment managed by Apono. It is where integrations are connected, resources are discovered, and auditing is centralized. All spaces operate within this top-level environment.

The global account includes:

  • Integrations: All connected cloud and service integrations and connectors

  • Resource inventory: Full visibility into all discovered resources

  • Audit visibility: All activity logs, audit events, and reports

  • Access management objects: Access flows, bundles, and access scopes created and managed outside any space

  • Spaces: All spaces created within the account

Spaces

Spaces are scoped environments created within the global account. Each space contains its own subset of resources, access-management objects, and members with delegated roles. Spaces isolate team-specific configurations so each team manages only the resources it owns.

Each space includes:

  • Resources: Defined subset of the global inventory, selected through space access scopes

  • Access management objects: Access flows, bundles, and access scopes created and managed within the space

  • Delegated roles: Space owners who manage both membership and access to resources, and space managers who manage access to resources only

Each space operates independently, ensuring teams work within isolated boundaries while the global account maintains centralized oversight.
