3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

updates to Enterprise section

Browse source
This commit is contained in:
alexfornuto 2021-07-22 10:16:16 -05:00
parent df3edf76ee
commit b2685ec186
3 changed files with 8 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/enterprise/install/helm.md
View file

@ -169,4 +169,4 @@ kubectl delete svc pomerium-authenticate
<!-- @travis I forget the context here, and it isn't in my history --> <!-- @travis I forget the context here, and it isn't in my history -->
proxy.existingTLSSecret=pomerium-tls. (config after) proxy.existingTLSSecret=pomerium-tls. (config after)

7
docs/enterprise/install/readme.md
View file

@ -4,4 +4,9 @@ lang: en-US
meta: meta:
- name: keywords - name: keywords
content: pomerium identity-access-proxy oidc docker reverse-proxy containers install enterprise console content: pomerium identity-access-proxy oidc docker reverse-proxy containers install enterprise console
--- ---
There are several ways to install Pomerium Enterprise, to suite your organization's needs. [Let us know] if you don't see an installation method compatible with your infrastructure.
- [Quickstart](./quickstart.md)
- [Kubernetes with Helm](./helm.md)

46
docs/enterprise/readme.md
View file

@ -1,45 +1 @@
--- <Redirect to="/enterprise/about/" />
title: Pomerium Enterprise
lang: en-US
sidebarDepth: 0
meta:
- name: keywords
content: >-
pomerium overview identity-access-proxy beyondcorp zero-trust
reverse-proxy ztn zero-trust-networks console enterprise scale
---
# What is Pomerium
## Overview?
Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you'd typically reach for a VPN.
Pomerium can be used to:
- provide a **single-sign-on gateway** to internal applications.
- enforce **dynamic access policy** based on **context**, **identity**, and **device state**.
- aggregate access logs and telemetry data.
- perform delegated user authorization for service-based authorization systems:
- [Istio](/guides/istio.md)
- [Google Cloud](/guides/cloud-run.md)
- provide unified identity attestation for upstream services:
- [Kubernetes](/guides/kubernetes.md)
- [Grafana](/guides/istio.md#pomerium-configuration)
- [Custom applications](/docs/topics/getting-users-identity.md)
- provide a **VPN alternative**.
## Demo
To make this a bit more concrete, click the image thumbnail to see a short youtube demo:
[![demo](https://img.youtube.com/vi/ddmrkvBSO60/0.jpg)](https://www.youtube.com/watch?v=ddmrkvBSO60 "Pomerium demo")
The above video shows the flow for both an unauthorized and authorized user.
1. An **unauthorized** user authenticates with their corporate single-sign-on provider.
2. The **unauthorized** user is blocked from a protected resource.
3. The **unauthorized** user signs out from their session.
4. An **authorized** user authenticates with their corporate single-sign-on provider.
5. Pomerium delegates and grants access to the requested resource.
6. The **authorized** user inspects their user details including group membership.