Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Create an integration to manage access to a MongoDB instance
The MongoDB integration helps you to securely discover and manage your MongoDB resources through Apono.
After integrating MongoDB with Apono, you'll be able to:
Automate resource discovery and mapping across your MongoDB infrastructure
Enable administrators to implement just-in-time, least-privilege access policies and securely manage permissions
Allow users to request temporary access to specific clusters, roles, databases, and collections
Review the following prerequisites and implementation steps to complete this integration.
Apono Connector
On-prem connection serving as a bridge between a MongoDB instance and Apono:
MongoDB Information
Information for the database instance to be integrated:
Hostname
Port
You must create a MongoDB user for the Apono connector.
Follow these steps to create a user:
In your MongoDB instance, switch to the admin database.
Create a user (user) and password (pwd) for the Apono connector.
For more information on creating a user, refer to MongoDB's Create a User on Self-Managed Deployments.
Create a secret with the credentials from step 2.
Use the following key-value pair structure when generating the secret. Be sure to replace #PASSWORD with the actual value. If you used a different name for the user, replace apono-connector with the name you assigned to the user.
You can also input the user credentials directly into the Apono UI during the integration process.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
On the Catalog tab, click MongoDB. The Connect Integration page appears.
Under Discovery, select one or multiple resource types.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flows to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (AWS, Azure, GCP, Kubernetes).
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Hostname
Address of the MongoDB instance
Port
Network port the MongoDB instance is listening on for connections
By default, MongoDB uses port 27017.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.\
Credential Rotation
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Click Confirm.
Now that you have completed this integration, you can create access flows that grant permission to your MongoDB instance.
Create an integration to manage access to a Microsoft SQL Server database
Microsoft SQL Server is a reliable and secure relational database management system. It can be used as the main data store for various applications, websites, and products.
Microsoft enables developers to create cloud-hosted SQL Server databases.
Through this integration, Apono helps you securely manage access to your Microsoft SQL Server database.
You must create a user in your Microsoft SQL Server instance for the Apono connector.
Use the following steps to create a user and grant it permissions to your databases:
In your preferred client tool, create a new user. Be sure to set a strong password for the user.
The password must be a minimum of 8 characters and include characters from at least three of these four categories:
Uppercase letters
Lowercase letters
Digits (0-9)
Symbols
Expose databases to the user. This allows Apono to view database names without accessing the contents of each database.
Grant the ALTER ANY LOGIN database permissions to the user in all the databases.
Grant the user ADMIN permissions: Allows Apono to grant users administrative-level access, including the ability to execute and drop tables\
Grant and revoke server-level roles with Apono
To use Apono for MS SQL server-level roles, you must assign the Apono connector user the securityadmin role.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, click one or more resource types to sync with Apono.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flow to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.\
Click Confirm.
This information can be obtained from a .
(Optional) Number of days after which the database credentials must be rotated Learn more about the .
Learn more about .
(Optional) Fallback approver if no is found Follow these steps to define one or several integration owners:
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several :
Members of the securityadmin fixed can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions if they have access to a database. Additionally, they can reset passwords for SQL Server logins.
Using the credentials from step 1, for the database instance.
You can now .
On the tab, click Microsoft SQL Server. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
Associate the .
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Microsoft SQL Server database.
Apono Connector
On-prem connection serving as a bridge between a Microsoft SQL Server database instance and Apono:
Microsoft SQL Server Info
Information for the database instance to be integrated:
Hostname
Port number
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Hostname
Hostname of the Microsoft SQL Server instance to connect
Port
Port value for the instance By default, Apono sets this value to 1433.
Database Name
Name of the database By default, Apono sets this value to master.
Credential Rotation
(Optional) Number of days after which the database credentials must be rotated Learn more about the Credentials Rotation Policy.
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted
Learn more about Periodic User Cleanup & Deletion.
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
How to integrate MySQL DB with Apono Cloud-Native access management platform
Reduce Over Privileges - Discover existing privileges to MySQL databases and convert them to on-demand access flows to reduce over-privileges.
Self Service Access - Empower your developers to gain self-servable access to databases using Slack.
Automated Approval Workflows - Create approval workflows to specific sensitive databases.
Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.
Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.
An Apono connector installed with network access to the MySQL databases
Minimal Apono connector version: 1.3.0 (visit the Connectors Page and update the connector if needed)
A user for Apono to your MySQL with the following permissions
A secret created in Secret Store with the following params:
Key username, Value MySQL USERNAME
Keypassword, Value USERNAME PASSWORD
📘 Why does Apono need secrets?
Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.
Create user for Connector in the instance, type in some secure password
Using aws-cli, store in AWS Secret Manager, make sure to replace #SECRET_NAME,#REGION,#USERNAME, #PASSWORD
Expose databases to apono_connector
Grant CREATE USER to apono_connector in all the databases
Select and grant apono_connector ONE of the following READ_ONLY, READ_WRITE, ADMIN permissions, this will function as the highest permission level you would like to provision with Apono
READ_ONLY
READ_WRITE
ADMIN
📘 Is your MySQL running on a cloud service?
If you are trying to connect to an RDS MySQL or a CloudSQL MySQL you should use the specific cloud service integration.
Click on Integrations Catalog.
Pick a connector with network access to the MySQL databases (see prerequisites)
Specify the integrations details:
Integration name – type the name of the integration &#xNAN;When building an Access Flow you will reference this name
Hostname – specify the hostname of the MySQL you are connecting
Port – 3306
Provide the secret (see prerequisites)
Click "Connect"
Congratulations on connecting your MySQL. You can now create access flows that grant permissions to your MySQL databases.
Have multiple MySQLs? Use the API or Terraform
You can check out the Apono API reference or our Terraform provider to easily integrate multiple integrations.
Create an integration to manage access to a MongoDB Atlas Portal instance and its resources
MongoDB Atlas is a fully-managed cloud database service that automates database administration tasks for MongoDB. It supports multiple cloud providers and offers advanced features like real-time analytics and security controls. Atlas simplifies database management, allowing organizations to focus on application development with a scalable, flexible database solution that adapts to changing needs and workloads.
Through this integration, Apono helps you securely manage access to your MongoDB Atlas UI Organizations and Projects.
Apono Connector
On-prem connection serving as a bridge between a MongoDB Atlas instance and Apono:
Atlas Command Line Interface (Atlas CLI)
MongoDB Atlas Info
Information for the MongoDB Atlas UI resources to be integrated:
Cluster name
Organization ID
You must create an API key with the Organization User role for the Apono connector.
Follow these steps to create the API key:
In the Atlas CLI, create the API key. The following command will return the public and private API keys in the response.
Be sure to replace <ORGANIZATION_ID> with the organization ID of the MongoDB Atlas UI to integrate.
Using the keys from the previous step, create a secret for the MongoDB Atlas UI instance.
You can now integrate your MongoDB Atlas UI resources .
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
On the Catalog tab, click Mongo Atlas Portal. The Connect Integration page appears.
Under Discovery, click one or both resource types to sync with Apono.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flows to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (AWS, Azure, GCP, Kubernetes).
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Organization ID
ID of the organization of the MongoDB Atlas UI instance to connect
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.\
Credential Rotation
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Click Confirm.
Apono provides enhanced integration capabilities with MongoDB Atlas Portal, permitting the discovery and management of multiple clusters simultaneously. This guide outlines the prerequisites and detailed steps necessary for setting up and configuring the deep discovery integration.
To discover multiple clusters in an Organization, Apono creates a Sub Integration for every discovered cluster, with its own Databases, Documents, and Roles.
Ensure you have the following items before beginning the integration process:
Apono Account
An Apono account with administrator access.
MongoDB Atlas Account
A MongoDB Atlas account with organization-level access.
Atlas Command Line Interface (CLI)
Apono Connector
Network Connectivity
Ensure network connectivity between your Apono Connector and MongoDB Atlas clusters.
You must create an API key with the Organization Owner role for the Apono connector.
Follow these steps to create the API key:
In the Atlas CLI, create the API key. The following command will return the public and private API keys in the response.
Be sure to replace <ORGANIZATION_ID> with the organization ID of the MongoDB Atlas UI to integrate.
Using the keys from the previous step, create a secret for the MongoDB Atlas UI instance.
Please note: Only AWS Secret Store and Azure Vault are supported for this integration at this time.
Navigate to the Apono Catalog and select MongoDB Atlas Portal integration.
Click Connect Integration.
Under Discovery, select your desired resource types. Make sure to select resources under both Integration and Sub Integration: \
Choose your Apono Connector from the dropdown menu.
Enter a unique integration name.
Provide your MongoDB Atlas Organization ID.
Select the secret created in Step 2.
For clusters in different networks or VPCs:
Create additional Apono Connectors in each network/VPC hosting clusters.
Tag each Mongo Cluster:
Replace <CONNECTOR_ID> with the ID of the Apono Connector in the cluster's network.
Choose the appropriate connection type:
Standard connection: No additional configuration needed.
Private connection: Tag the cluster with:
Private endpoint connection: Apply these tags:
And:
Review all configurations in the Apono integration form.
Click Confirm to complete the setup.
Deep discovery currently supports only AWS and Azure secret stores.
All Apono Connectors must have proper network access to their MongoDB Atlas clusters.
Explore additional Apono capabilities for access management in the Apono Catalog.
Now that you have completed this integration, you can create access flows that grant permission to your MongoDB Atlas UI Organizations and Projects.
Create an integration to manage access to an Elasticsearch instance
Elasticsearch is a distributed, RESTful search and analytics engine designed for horizontal scalability, reliability, and real-time search. It enables users to store, search, and analyze big volumes of data quickly and in near real-time. Elasticsearch is widely used for log and event data analysis, full-text search, and complex searches across large datasets.
Through this integration, Apono helps you securely manage access to your Elasticsearch instance.
You can also use the steps below to integrate with Apono using Terraform.
In step 8, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, click Next. The Apono connector section expands.
From the dropdown menu, select a connector.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Create an integration to manage access to a MongoDB Atlas instance
MongoDB Atlas is a fully managed and scalable cloud database service. It provides a flexible and secure platform for storing and managing data across various applications.
Developers can easily deploy, manage, and scale MongoDB databases in the cloud. Features like automated backups, global clusters, and real-time monitoring simplify database management.
Through this integration, Apono helps you discover and securely manage access to the resources in your MongoDB Atlas instance.
A project owner API key enables Apono to control Atlas user access across a or projects.
If you have a single MongoDB Atlas project, you can use a project owner API key to manage it through Apono.
Follow these steps to create a project owner API key:
At the Atlas CLI prompt, run the following command. Be sure to replace #PROJECT_ID with the project ID that contains the cluster you want to integrate.
Copy the public and private API key in the response.
with the credentials from step 2. Use the following key-value pair structure when generating the secret. Be sure to replace #PUBLIC_KEY and #PRIVATE_KEY with actual values.
You can also input the user credentials directly into the Apono UI during the .
You can now .
If you have multiple MongoDB Atlas projects, you can use a single project owner API key to manage them all through Apono.
Follow these steps to create and associate a project owner API key:
At the Atlas CLI prompt, run the following command. Be sure to replace #PROJECT_ID with the project ID that contains the cluster you want to integrate.
Copy the public and private API key in the response.
List all your Atlas projects and their IDs.
For each additional project ID, assign the public API key. Be sure to replace #API_KEY_ID with your public API key from step 2 and #PROJECT_ID with the project ID of the additional project to associate with the API key.
with the credentials from step 2. Use the following key-value pair structure when generating the secret. Be sure to replace #PUBLIC_KEY and #PRIVATE_KEY with actual values.
You can also input the user credentials directly into the Apono UI during the .
You can now .
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, select one or multiple resource types.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flows to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.\
Click Confirm.
Create an integration to manage access to a Snowflake instance
Snowflake is a fully managed, cloud-based data platform that functions as a data warehouse, data lake, and data sharing solution. With features such as automatic scaling, secure data sharing, and robust data integration, Snowflake offers high performance and flexibility, ensuring seamless data management and analytics.
Through this integration, Apono helps you securely manage access to your Snowflake instance.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, select one or multiple resource types for Apono to discover in all instances of the environment.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.\
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.\
Click Confirm.
Create an integration to manage access to a Vertica database
Vertica is a scalable and high-performance analytics database optimized for fast querying and analysis of large datasets. It delivers speed and flexibility for business intelligence and data warehousing applications.
Through this integration, Apono helps you securely manage access to your Vertica database and just-in-time (JIT) access to built-in and custom roles.
You must create a user in your Vertica database instance for the Apono connector and grant that user permissions to the database resources.
Follow these steps to create a user and grant it permissions:
In your preferred client tool, create a new user. Be sure to set a strong password for the user.
Grant the pseudosuperuser role to the user. This allows Apono to create or drop tables and manage user roles and permissions within the Vertica database.
Using the credentials from step 1, for the database instance.\
Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal .
You can also use the steps below to integrate with Apono using Terraform.
In step 10, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.\
Click Confirm.
Create an integration to manage access to a Redis Cloud instance
Redis Cloud is a fully managed, in-memory data store that functions as a database, cache, and message broker. With features such as data persistence, replication, and clustering, Redis Cloud provides high availability and fault tolerance, seamless scalability, and automated maintenance for optimal performance and reliability.
Through this integration, Apono helps you securely manage access to your Redis Cloud instance.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
On the tab, click Redis Cloud (Redislabs). The Connect Integration page appears.
Under Discovery, select one or multiple resource types for Apono to discover in all instances of the environment.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.\
Click Confirm.
Create an integration to manage access to Oracle Database tables and custom roles
Oracle Database is a relational database management system (RDBMS) developed by Oracle Corporation. It enables organizations to store, manage, and retrieve data using Structured Query Language (SQL). The database includes features for ensuring data integrity, performing backup and recovery, controlling access, and tuning performance.
Oracle Database supports both on-premises and cloud-based deployments through Oracle Cloud Infrastructure.
Through this integration, Apono helps you securely manage just-in-time, just-enough access to your Oracle Database, tables and custom roles.
You must create a user in your Oracle Database instance for the Apono connector.
Use the following steps to create a user and grant it permissions to your databases:
In your preferred client tool, create a new user. Be sure to set a strong password for the user.
The password must be a minimum of 9 characters and satisfy the following minimum requirements:
2 lowercase letters
2 uppercase letter
2 numbers (0-9)
2 special characters
Cannot have 3 consecutive identical characters
Have 4 different characters than the previous password
Cannot contain, repeat, or reverse the user name
Grant the user permission to connect to the Oracle Database.
Expose databases to the user. This allows Apono to view database names without accessing the contents of each database.
Grant the user permissions to query data from any object, create new user accounts, modify existing user accounts, and remove user accounts from the database.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, click one or more resource types to sync with Apono.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flows to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.\
Click Confirm.
Create an integration to manage access your PostgreSQL databases
PostgreSQL databases are open-source relational database management systems emphasizing extensibility and SQL compliance.
Through this integration, Apono helps you securely manage access to your PostgreSQL instance.
To enable Apono to manage PostgreSQL user access, you must create a user and then configure the integration within the Apono UI.
If your PostgreSQL instance runs on a cloud service, follow one of these guides:
You must create a user in your PostgreSQL instance for the Apono connector.
You must use the admin account and password to connect to your database.
Follow these steps to create a user and grant it permissions:
In your preferred client tool, create a new user. Use apono_connector for the username. Be sure to set a strong password for the user.
You must also grant the SUPERUSER role to the user in the database instance.
Using the credentials from step 1, for the database instance.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, select one or multiple resource types for Apono to discover in all instances of the environment.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.\
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.\
Click Confirm.
Look for MySQL and click Connect
that enables quickly provisioning and managing Atlas database deployments from the terminal.
(Optional) Number of days after which the database credentials must be rotated Learn more about the .
Learn more about .
(Optional) Fallback approver if no is found Follow these steps to define one or several integration owners:
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several :
The Atlas CLI installed for efficient management of your cloud database deployments. More information on installation is available .
An Apono Connector installed in your environment (AWS, Azure, GCP, or Kubernetes). The Apono Connector acts as a bridge between Apono and your MongoDB Atlas resources. Environment-specific installation guides can be found in the .
On the tab, click Elasticsearch. The Connect integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Elasticsearch instance.
On the tab, click MongoDB Atlas. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
.
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your MongoDB Atlas instance.
On the tab, click Snowflake. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
.
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Snowflake instance.
You can now .
On the tab, click Vertica Database. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
.
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Vertica database.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
.
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Redis Cloud instance.
Using the credentials from step 1, for the database instance.
You can also input the user credentials directly into the Apono UI during the .
You can now .
On the tab, click Oracle Database. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
.
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Oracle Database resources.
You can also input the user credentials directly into the Apono UI during the .
On the tab, click PostgreSQL. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
.
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your PostgreSQL instance.
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Proxy Address
Elasticsearch proxy address
Clusters
Array of Elasticsearch clusters
Example: [{"name":"cluster-1","hostname":"cluster-1.customer.com:9200"}]
Credential Rotation
(Optional) Number of days after which the database credentials must be rotated
Learn more about the Credentials Rotation Policy.
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted
Learn more about Periodic User Cleanup & Deletion.
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Project Id
Unique identifier assigned to each project within MongoDB Atlas
Cluster Name
Name for a database cluster in MongoDB Atlas, serving as an identifier within a project
Cluster Type
Configuration of a MongoDB Atlas cluster
Private Endpoint Id
(Optional) Unique identifier for a private endpoint in MongoDB Atlas
Credential rotation period (in days)
(Optional) Number of days after which the database credentials must be rotated
Learn more about the Credentials Rotation Policy.
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted
Learn more about Periodic User Cleanup & Deletion.
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Hostname
Hostname of the Snowflake instance to connect
Auth Type
Authorization type for the Snowflake user
User / Password: Apono-created local user credentials
SSO Auth: Synced user credentials from IdP integration with Snowflake
Credential Rotation
(Optional) Number of days after which the database credentials must be rotated Learn more about the Credentials Rotation Policy.
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted
Learn more about Periodic User Cleanup & Deletion.
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Hostname
Hostname of the Vertica database instance to connect
Port
Port value for the instance By default, Apono sets this value to 5433.
Database Name
Name of the database
Credential Rotation
(Optional) Number of days after which the database credentials must be rotated Learn more about the Credentials Rotation Policy.
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted
Learn more about Periodic User Cleanup & Deletion.
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Credential Rotation
(Optional) Number of days after which the database credentials must be rotated Learn more about the Credentials Rotation Policy.
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted
Learn more about Periodic User Cleanup & Deletion.
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Apono Connector
On-prem connection serving as a bridge between an Oracle Database instance and Apono:
Oracle Database Information
Information for the database instance to be integrated:
Hostname
Port number
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Hostname
Hostname of the Oracle Database instance to connect
Port
Port value for the instance By default, Apono sets this value to 1521.
Service Name
Name of the service By default, Apono sets this value to ORCL.
Credential Rotation
(Optional) Number of days after which the database credentials must be rotated Learn more about the Credentials Rotation Policy.
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted
Learn more about Periodic User Cleanup & Deletion.
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Hostname
Hostname of the PostgreSQL database instance to connect
Port
Port value for the instance
By default, Apono sets this value to 5432.
Database Name
Name of the database to integrate
By default, Apono sets this value to postgre.
SSL Mode
(Optional) Mode of Secure Sockets Layer (SSL) encryption used to secure the connection with the SQL database server
require: An SSL-encrypted connection must be used.
allow: An SSL-encrypted or unencrypted connection is used. If an SSL encrypted connection is unavailable, the unencrypted connection is used.
disable: An unencrypted connection is used.
prefer: An SSL encrypted connection is attempted. If the encrypted connection is unavailable, the unencrypted connection is used.
verify-ca: An SSL-encrypted connection must be used and a server certification verification against the provided CA certificates must pass.
verify-full: An SSL-encrypted connection must be used and a server certification verification against the provided CA certificates must pass. Additionally, the server hostname is checked against the certificate's names.
Credential Rotation
(Optional) Number of days after which the database credentials must be rotated Learn more about the Credentials Rotation Policy.
User cleanup after access is revoked (in days)
(Optional) Defines the number of days after access has been revoked that the user should be deleted
Learn more about Periodic User Cleanup & Deletion.
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Redis Cloud API
REST API for managing Redis Cloud programmatically Enable the Redis Cloud API for your account.
Redis API credentials
Credentials used to authenticate a Redis REST API request:
These credentials are required for creating the Apono Secret in the next row.
Apono Secret
Value generated with the credentials of the user you create Create your secret based on your Redis Cloud API account key and user key:
"api_key": <ACCOUNT_KEY>
"secret_key": <USER_KEY>
Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.
Apono Connector
On-prem connection serving as a bridge between a Redis Cloud instance and Apono:
Apono Connector
On-prem connection serving as a bridge between a MongoDB Atlas instance and Apono:
Atlas CLI
Command-line interface used to manage Atlas resources
MongoDB Atlas Information
Information for the database instance to be integrated:
Apono Connector
On-prem connection serving as a bridge between a Vertica database instance and Apono:
Vertica Information
Information for the database instance to be integrated:
Hostname
Port number
Database name
Apono Connector
On-prem connection serving as a bridge between your PostgreSQL databases and Apono:
Minimum Required Version: 1.3.0 Use the following steps to update an existing connector:
PostgreSQL Info
Information for the database instance to be integrated:
Hostname
Port number
Database Name
Integrate Apono with MariaDB to manage JIT (just-in-time) access
MariaDB is a popular open-source relational database management system. Through this integration, Apono helps you securely manage access to your MariaDB database and provides just-in-time (JIT) access to built-in and custom roles, databases, and tables.
An Apono connector installed with network access to the MariaDB databases
Minimal Apono connector version: 1.3.0 (visit the Connectors Page and update the connector if needed)
A user for Apono to your MariaDB with the following permissions
A secret created in Secret Store with the following params:
Key username, Value MariaDB USERNAME
Keypassword, Value USERNAME PASSWORD
📘 Why does Apono need secrets?
Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security
Create user for Connector in the instance, type in some secure password
Using aws-cli, store in AWS Secret Manager, make sure to replace #SECRET_NAME,#REGION,#USERNAME, #PASSWORD
Expose databases to apono_connector
Grant CREATE USER to apono_connector in all the databases
Select and grant apono_connector ONE of the following READ_ONLY, READ_WRITE, ADMIN permissions, this will function as the highest permission level you would like to provision with Apono
READ_ONLY
READ_WRITE
ADMIN
On the Catalog tab, click MariaDB.
Pick a connector with network access to the MariaDB databases (see prerequisites)
Specify the integrations details:
Integration name – type the name of the integration &#xNAN;When building an Access Flow you will reference this name
Hostname – specify the hostname of the MariaDB you are connecting
Port – 3306
Provide the secret (see prerequisites)
Click "Connect"
Congratulations on connecting your MariaDB. You can now create access flows that grant permissions to your MariaDB roles, databases and tables.
Have multiple MariaDB instances? Use the API or Terraform
You can check out the Apono API reference or Terraform Provider to easily integrate multiple integrations.
Apono Connector
On-prem connection serving as a bridge between an Elasticsearch instance and Apono:
Apono HTTP Proxy
Authorization controls to manage Elasticsearch The default Elasticsearch capabilities do not include authorization controls and therefore neither does the API. When integrating with Apono using the HTTP Proxy, you will be able to manage access to Elasticsearch using Apono Access Flows.
Apono Connector
On-prem connection serving as a bridge between a Snowflake instance and Apono:
Snowflake Hostname
Snowflake User
Snowflake user with the ACCOUNTADMIN role for the Apono connector
Apono Secret
Value generated with the credentials of the user you create Create your secret based on the Snowflake user credentials and connector you are using.
You can also input the user credentials directly.
Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.
