Skip to main content

Apono - Just-in-Time Access

apono-logo

Apono is a commercial (paid) access management platform focused on the concept of Just-in-Time (JIT) Access. Its primary goal is to eliminate permanent and privileged access, replacing it with temporary, granular, and auditable access granted only when needed.

Apono's core idea is to help organizations implement the Least Privilege policy β€” ensuring that each user has only the minimum access necessary to perform their task, for the shortest possible time, and nothing beyond that.

In a scenario where attacks exploit permanent credentials and excessive access, Apono emerges as a modern solution to enforce the least privilege principle in an automated and scalable way.

It's worth noting that most enterprise security solutions used by large organizations are paid. This is because tools at this level require dedicated support, constant updates against new threats, certified integrations with cloud providers, and compliance with regulatory frameworks β€” requirements that demand continuous investment in engineering and infrastructure.

The Problem with Permanent Access​

In most organizations, access is granted and rarely revoked. This creates a dangerous scenario:

  • Privilege accumulation: Employees accumulate permissions over time, even when they no longer need them.
  • Expanded attack surface: The more permanent access exists, the greater the risk in case of credential compromise.
  • Audit difficulty: It is nearly impossible to know who actually needs which access when everything is permanent.
  • Compliance violations: Frameworks like SOC 2, ISO 27001, and PCI-DSS require strict control over privileged access.

What is Just-in-Time (JIT) Access?​

Just-in-Time Access is a model where access is granted on demand, for a limited period, and automatically revoked at the end of that period. Instead of a developer having permanent access to the production database, they request access when needed, receive temporary permission, and access is automatically removed after the set time.

The typical flow works like this:

  1. Request: The user requests access to a specific resource (via portal, Slack, CLI, etc.).
  2. Approval: The request goes through an approval flow (automatic or manual, according to the defined policy).
  3. Temporary grant: Access is granted for a defined period (e.g., 1 hour, 4 hours, 1 day).
  4. Automatic revocation: When the time expires, access is automatically removed without manual intervention.
  5. Full audit: The entire cycle is recorded for compliance and investigation purposes.

Audit Scope​

It's important to understand what exactly Apono audits. Apono records the entire access lifecycle:

  • Who requested access and when.
  • What was requested (e.g., SSM access to a specific EC2 instance, admin role on a Kubernetes cluster).
  • Justification provided by the requester.
  • Who approved and at what time.
  • Duration of the granted access.
  • When access was revoked (automatically or manually).

The diagram below illustrates the complete flow of an access request and where each audit layer operates:

However, Apono does not audit the commands executed within the session. For example, if an engineer requests SSM access to a specific machine on AWS, Apono records that access was granted to that instance for a specific period β€” but the commands executed during the SSM session are the responsibility of AWS Systems Manager Session Manager, which has its own logs (CloudTrail and S3).

In summary:

ResponsibilityTool
Who requested, what, when, why, who approvedApono
Commands executed in SSM sessionsAWS Session Manager + CloudTrail
Queries executed in databasesNative database logs (audit logs)
Commands in SSH/Kubernetes sessionsSession recording tools (e.g., Teleport, auditd)

Apono ensures governance of who has access to what and when, while auditing what was done with that access depends on each resource's native tools. A complete security strategy combines both layers.

How Apono Works​

Apono integrates directly with identity providers and your infrastructure resources, acting as an intermediate access control layer:

  • Cloud integrations: AWS, Azure, GCP β€” dynamically manages IAM roles, groups, and permissions.
  • Kubernetes: Access control for clusters, namespaces, and resources via temporary RBAC.
  • Databases: PostgreSQL, MySQL, MongoDB, Redis, and others β€” grants temporary credentials with limited scope.
  • SaaS and tools: GitHub, GitLab, Datadog, Snowflake, and many other integrations.
  • Identity Providers: Integration with Okta, Azure AD, Google Workspace for authentication and identity context.

Access Policies (Access Flows)​

The heart of Apono are the Access Flows, which define:

  • Who can request access (groups, teams, roles).
  • To what access is granted (specific resources, environments, databases).
  • What level of access (read-only, admin, custom roles).
  • For how long access is valid (minutes, hours, days).
  • Who approves the request (managers, resource owners, automatic).
  • Additional conditions (allowed hours, mandatory justification, MFA).

Self-Service and Automation​

One of Apono's great advantages is the self-service model:

  • Developers request access directly via Slack, Teams, web portal, or CLI.
  • Approval flows can be fully automated for low-risk access.
  • High-risk access requires manual approval with real-time notifications.
  • Break-glass access: Emergency procedures with immediate access and enhanced auditing.

Apono Benefits​

  • Zero Standing Privileges: Eliminates permanent access, drastically reducing the attack surface.
  • Automated compliance: Generates complete audit trails for SOC 2, ISO 27001, PCI-DSS, HIPAA.
  • Reduced operational burden: Security teams don't need to manually manage access requests.
  • Developer experience: Fast self-service without depending on tickets or waiting for lengthy manual approvals.
  • Full visibility: Centralized dashboard showing who has access to what, when, and why.
  • Lower incident risk: Temporary access means compromised credentials have limited validity.

Comparison with Other Tools​

Apono is not the only tool in the privileged access management space. Here's how it positions itself against other solutions:

Apono vs. CyberArk / BeyondTrust (Traditional PAM)​

Traditional Privileged Access Management (PAM) tools like CyberArk and BeyondTrust are robust but were designed for on-premise and static environments.

  • Approach: Traditional PAM focuses on password vaults and session recording. Apono focuses on eliminating the need for permanent access.
  • Cloud-native: Apono was built for cloud-first environments, with native integrations for AWS, Azure, GCP, and Kubernetes. Traditional PAM requires significant adaptations for cloud.
  • Complexity: Traditional PAM requires dedicated infrastructure and complex configuration. Apono is SaaS with quick setup.
  • Cost: Traditional PAM typically has more expensive and complex licensing. Apono has a more accessible pricing model for cloud-native teams.

Apono vs. Teleport​

Teleport is a secure infrastructure access platform that also offers JIT capabilities. Both tools seek to solve the privileged access problem, but with fundamentally different approaches.

Teleport works as an access proxy: all traffic (SSH, Kubernetes, databases, web applications) passes through it. This allows Teleport to record sessions, log executed commands, and apply access policies in real-time. It's a powerful solution when the goal is to have total control over the session.

Apono, on the other hand, operates at the permissions layer: it grants and revokes roles, IAM policies, group memberships, and credentials directly in the providers (AWS, GCP, Azure, databases). Traffic doesn't pass through Apono β€” it only manages who has access to what.

  • Architecture: Teleport requires deploying proxies and agents in your infrastructure, which adds operational complexity and an additional point in the network path. Apono is SaaS with lightweight connectors that only manage permissions, without interfering with traffic.
  • Coverage scope: Teleport covers servers (SSH), Kubernetes, databases, and web applications. Apono goes further, also covering IAM permissions in clouds, SaaS tools (GitHub, GitLab, Datadog, Snowflake), and any resource that uses RBAC or access policies.
  • Session auditing: Here Teleport has an advantage β€” being a proxy, it can record sessions and log commands executed. Apono only audits the access lifecycle (who requested, who approved, when it expired), not what was done within the session.
  • Governance and approval flows: Apono has a stronger focus on approval workflows, with native integration with Slack, Teams, and self-service portals. Teleport offers approvals but with less flexibility in defining conditional flows.
  • Adoption curve: Teleport requires changes in how teams access infrastructure (everything goes through the proxy). Apono is more transparent β€” access continues to be done the same way (SSM, kubectl, psql), only permissions are managed dynamically.

Apono and Native Cloud Tools (IAM Identity Center, Azure PIM)​

It's important to understand that Apono does not replace tools like AWS IAM Identity Center or Azure PIM β€” it uses them under the hood. When Apono grants temporary access on AWS, for example, it's interacting with IAM, creating and removing roles, policies, or group memberships through the cloud's native APIs. The same applies to Azure PIM, GCP IAM, and others.

Apono acts as an orchestration layer above these native tools, adding:

  • Unified view: While IAM Identity Center only manages AWS access and Azure PIM only Azure, Apono offers a single panel and request flow that orchestrates permissions across multiple clouds, databases, Kubernetes, and SaaS tools simultaneously.
  • Advanced approval workflows: Native tools offer basic approvals. Apono allows complex conditional flows β€” automatic approval for dev environments, manager approval for staging, manager + security approval for production β€” all integrated with Slack and Teams.
  • Centralized governance: Instead of configuring access policies separately in each cloud, Apono centralizes governance rules. You define once "developers can request read-only access to production databases for up to 2 hours" and this applies to AWS RDS, Azure SQL, and GCP Cloud SQL.
  • Cross-cloud auditing: A single report showing all access granted and revoked across the entire infrastructure, regardless of the provider.

Apono vs. Managing Permissions Internally​

A common approach in many companies is to create internal projects to organize permissions by team β€” whether through groups in the Identity Provider (Okta, Azure AD), custom roles in each cloud, IAM policies via Terraform, or scripts that automate access creation by team. In theory, it seems like an efficient and controlled solution. In practice, maintenance becomes a nightmare.

The big problem is that companies are living organisms: people constantly come and go, teams are reorganized, projects are born and die, and specific situations require access that doesn't fit pre-defined permission profiles. The result is an endless cycle of:

  • Onboarding/Offboarding: Each new employee needs to be manually added to the correct groups on each platform (AWS, GCP, Kubernetes, databases), and each departure requires review and revocation across all these systems β€” frequently forgotten in some of them.
  • Team changes: When someone changes teams, old access is rarely removed and new access is added on top of the previous ones.
  • Ad-hoc access: A developer needs to access the production database to investigate an urgent bug, but their access profile doesn't account for this. Someone grants "temporary" access that is never revoked.
  • Permission drift: Over time, the reality of access diverges completely from what was planned in the original profiles. Roles accumulate extra policies, groups have members who shouldn't be there, and no one has clear visibility of the actual state.
  • Maintenance cost: The team maintaining these automations spends more and more time fighting fires instead of working on improvements. Each new tool or cloud added multiplies the complexity.

Apono solves this problem by changing the approach: instead of trying to maintain a static map of "who has access to what" on each platform, it starts from the principle that no one has permanent access to anything. Access is granted on demand, with defined scope and duration, and automatically revoked. This eliminates the permission profile maintenance problem because there are no permanent access to manage.

Managing permissions manually is like trying to map a river β€” by the time you finish the map, the river has already changed course. Apono's JIT model eliminates the need for the map because access only exists when needed.

When to Use Apono​

Apono is especially recommended for:

  • Organizations with multi-cloud infrastructure that need unified access governance.
  • Engineering teams that need frequent access to sensitive environments (production, databases).
  • Companies on a compliance journey (SOC 2, ISO 27001, PCI-DSS) that need to demonstrate privileged access control.
  • Security teams overwhelmed with manual access requests.
  • Kubernetes environments where static RBAC is not sufficient for proper governance.

Important Considerations​

Being a commercial tool, it's important to consider:

  • Cost: Evaluate the pricing model based on the number of users and integrations needed. There is a free plan with limited features for small teams.
  • SaaS dependency: As a managed solution, your access data passes through Apono's infrastructure. Evaluate data residency and security requirements.
  • Adoption curve: Although technical setup is quick, the cultural shift from "permanent access" to "temporary access" requires planning and communication with teams.

The Just-in-Time Access model is not just a tool β€” it's a paradigm shift in how we manage access. Apono facilitates this transition, but success depends on organizational commitment to the least privilege principle.