How to audit access with Apono
Apono is a platform for Just-in-Time access management that keeps organizations secure and compliant.
Apono makes it easier for DevOps, DevSecOps, IT and IAM Ops to manage access, reduces the risk of human error and attack, and eliminates the need for clunky IT service management systems in your everyday work.
If your organization is using Apono, access to cloud resources in development, CI/CD, data repositories, cloud infrastructure and more is managed centrally:
Admins in the organization set Access Flows, which determine who can access what, with which permissions and for how long
Developers who need access use Slack, Teams or the CLI to request it
Access is either automatically approved or sent for review by approvers, according to the Access Flow
Every access request is logged and admins can create, save, export, and schedule audit reports (see guide below)
Learn more about how Apono helps companies stay compliant here.
Use the Apono UI or Slack to:
See all your organization's access requests.
See active and expired access granted with Apono.
Revoke active access when needed.
In the Apono app, navigate to Activity
Under the Audit tab, you will find all the organization's access requests sorted by creation date
Each log contains the following information:
Request ID - unique ID generated by Apono, and the creation time
Requester - name and email
Resource type - the cloud service or resource type, for example Repository, Bucket, Machine, Database, etc.
Resources - all the instances of the resource type that were requested
Permissions - all the permissions on the resources that were requested
Status - the request status (see below) and the last update time
Take actions:
Revoke Access button - allows the admin to revoke access before the expiry time. Enabled if the access is active and disabled when it is expired
Timeline - click to see the access request lifecycle from the time of request
Request statuses:
Approved - the access was approved automatically or by approver(s), depending on the Access Flow
Rejected - the access was rejected by approver(s)
Granted - the access was provisioned by Apono and the user can now access the resources
Pending - the request is pending review by approver(s)
Revoking - Apono is in the process of revoking the access to the resources
Expired - the access time ended and Apono revoked the access. The user can no longer access the resources
Failed - a technical error occurred and access could not be provisioned. Contact Apono for support.
In the Apono app, navigate to Activity
Under the Audit tab, you will find all the organization's access requests sorted by creation date
Filter Status == Granted
See a list of all the active access in your organization
Revoke access directly from the Apono UI by clicking 'Revoke Access'
You can check out the permission requests in a permissions-audit channel in Slack.
Here you will see a list of all the access requests created in the organization at every step of the access lifecycle:
Request
Grant
Revoke
For each request you will find:
The requester
Permissions requested
Resources requested
Integration of source
Action - request, grant, revoke
Access duration