How Apono integrations work and what to expect
To manage just-in-time access, Apono integrates with your cloud applications. Each integration:
Syncs data on users, resources and permissions
Automates granting and revoking users' access to cloud resources
Each integration requires:
An installed connector in your cloud environment
A specific configuration, which may include:
A role created for Apono, scoped to the permissions listed in that integration's guide. This role is the identity that grants and revokes access on your behalf, so review what it can do before you create it.
Metadata such as proxy address, hostname, port, region, clusters, secret store, etc. To learn more about each integration's required configuration, see the integration guide or our Metadata for Integration Config guides.
Apono's architecture is designed to keep the integration secure; see the architecture overview for details.
Install a connector
A connector can be installed on AWS (using CloudFormation [ECS], Terraform [EKS] or CLI [EKS]), GCP (using CLI [GKE]), Azure (using Terraform or CLI) or Kubernetes (using Terraform or Helm).
Follow the connector installation guide. NOTE: If you have installed a connector in the past, you can reuse it for more than one integration.
Follow the integration guide. According to each integration's requirements, supply Apono with:
The role or permission needed to manage access
The metadata to complete the integration. NOTE: During this process, you may be required to leave Apono and complete some steps in the source application's portal.
Give the integration a name
The integration name is used when creating Access Flows
This name is displayed to end users when they create access requests
Wait for the first sync to complete
Follow the status on the Connected tab of the Integrations page. A healthy integration looks like this:
In case of error, follow our troubleshooting guide
All set! Create Access Flows with your new integration
This is what a healthy AWS Account integration process looks like when using an existing connector:
Apono currently supports the following types of integrations:
Resources - these integrations sync data on resources and permissions. Apono then manages JIT access to these resources by granting and revoking users' access based on the Access Flows.
Cloud infrastructure
Databases
CI/CD and development tools
Network and VPN
IdP groups
User information - these integrations sync data on your users and their attributes, like manager, shift, groups, etc.
Identity providers (IdP)
Incident response/on-call tools
IT service management (ITSM) tools
Communications (chat-ops)
Browse our integrations catalog in the Apono app.
Whether you manage your cloud environment in AWS, GCP or Azure, Apono lets you integrate all of that environment's cloud services at once.
This means a single integration can cover an entire AWS Account, GCP Project or Azure Subscription: Apono syncs multiple cloud services from the same Account, Project or Subscription.
In AWS, install the connector and secret on any Account you'd like to manage and provide the region; Apono then syncs all your resource types, such as EC2, RDS, S3 buckets, IAM roles and policies, ECR, EKS and more, all at once.
In GCP, install the connector and secret on any Project you'd like to manage; Apono then syncs all your resource types, such as BigQuery tables, Spanner, Storage and more, all at once.
In Azure, install the connector and secret on any Subscription you'd like to manage; Apono then syncs all your resource types, such as Storage, MySQL, PostgreSQL and more, all at once.
Go to the Apono Integrations page and click the Catalog tab.
Pick your cloud provider: AWS, GCP or Azure
Pick the level you'd like to integrate on:
AWS:
Pick Organization to manage access to AWS IAM Identity Center (formerly AWS SSO)
Pick Account to sync and manage access to a specific Account and the multiple services it contains
GCP:
Pick Organization to manage access to Organization- or Folder-level roles
Pick Project to sync and manage access to a specific Project and the multiple services it contains
Azure:
Pick Subscription to sync and manage access to the Resource Groups in a specific Subscription and the multiple services they contain
Provide Apono with the required configuration, and you're done! We'll sync all the services for you.
You'll be redirected to the Connected tab, where you can see your integrations and all the services or resource types synced for each of them. This is also the place to see and troubleshoot integration errors and to create new Access Flows.