pomerium/docs/enterprise/reference/manage.md
2021-07-29 15:43:38 -05:00


---
title: Manage
lang: en-US
sidebarDepth: 2
meta:
  - name: keywords
    content: configuration options settings Pomerium enterprise console
---
# Manage
## Routes
A Route provides access to a service through Pomerium.
### General
The **General** tab defines the route path, both from the internet and to the internal service, and the policies attached. Note that policies enforced on a Namespace the Route resides in will also be applied.
#### Name
#### From
#### To
#### Redirect
#### Policies
#### Pass Identity Headers
#### Enable Google Cloud Serverless Authentication
### Matchers
### Rewrite
### Timeouts
### Headers
### Load Balancer
## Policies
A Policy defines what permissions a set of users or groups has. Policies are applied to Namespaces or Routes to associate the set of permissions with a service or set of services, completing the authorization model.
::: tip
This is a separate concept from [policies](../reference/#policy) in the non-enterprise model. In open-source Pomerium, the `policy` block defines both routes and access.
:::
Policies can be constructed three ways:
#### Web UI
From the **BUILDER** tab, users can add allow or deny blocks to a policy, containing and/or/not/nor logic to allow or deny sets of users and groups.
![A policy being constructed in Pomerium Enterprise console allowing a single user access](../img/example-policy-single-user.png)
#### Pomerium Policy Language
From the **EDITOR** tab users can write policies in Pomerium Policy Language (**PPL**), a YAML-based notation.
![A policy as viewed from the editor tab](../img/example-policy-editor.png)
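To make the allow/deny and and/or/not/nor logic from the **BUILDER** and **EDITOR** tabs concrete, here is a small evaluator for a PPL-style policy. It is an added example written for this page, not Pomerium's own policy engine, and it covers only a subset of the public PPL grammar: `allow`/`deny` rules, one operator block per rule, and the `email`, `domain`, `groups` and `authenticated_user` criteria. It assumes the documented PPL semantics that a matching `deny` rule wins over any `allow` rule, that `not` means "no criterion matches" and `nor` means "not every criterion matches"; the policy and the three sessions below are constructed for illustration.

```python
"""Toy evaluator for a subset of Pomerium Policy Language (PPL).

Added example, not Pomerium's own implementation. Assumptions (see lead-in):
deny beats allow; `not` == no criterion true; `nor` == not all criteria true.
"""

# Constructed policy, written here as the parsed Python form of this YAML:
#
#   - allow:
#       and:
#         - domain:
#             is: example.com
#         - groups:
#             has: engineering
#   - deny:
#       or:
#         - email:
#             is: contractor@example.com
#
POLICY = [
    {"allow": {"and": [
        {"domain": {"is": "example.com"}},
        {"groups": {"has": "engineering"}},
    ]}},
    {"deny": {"or": [
        {"email": {"is": "contractor@example.com"}},
    ]}},
]


def _match_string(value, matcher):
    """String matchers supported by PPL criteria such as email/domain."""
    if "is" in matcher:
        return value == matcher["is"]
    if "starts_with" in matcher:
        return value.startswith(matcher["starts_with"])
    if "ends_with" in matcher:
        return value.endswith(matcher["ends_with"])
    if "contains" in matcher:
        return matcher["contains"] in value
    if "in" in matcher:
        return value in matcher["in"]
    raise ValueError(f"unsupported string matcher: {matcher!r}")


def eval_criterion(criterion, session):
    """Evaluate one criterion ({name: spec}) against a session dict."""
    (name, spec), = criterion.items()
    email = session.get("email", "")
    if name == "authenticated_user":
        # `authenticated_user: true` matches any logged-in session.
        return bool(spec) and session.get("authenticated", False)
    if name == "email":
        return _match_string(email, spec)
    if name == "domain":
        domain = email.rsplit("@", 1)[1] if "@" in email else ""
        return _match_string(domain, spec)
    if name == "groups":
        groups = set(session.get("groups", []))
        if "has" in spec:
            return spec["has"] in groups
        if "is" in spec:
            return groups == {spec["is"]}
        raise ValueError(f"unsupported groups matcher: {spec!r}")
    raise ValueError(f"unsupported criterion: {name!r}")


def eval_rule(rule, session):
    """Evaluate a rule body with a single and/or/not/nor operator block."""
    (op, criteria), = rule.items()
    results = [eval_criterion(c, session) for c in criteria]
    if op == "and":
        return all(results)
    if op == "or":
        return any(results)
    if op == "not":
        return not any(results)   # assumption: no criterion may match
    if op == "nor":
        return not all(results)   # assumption: at least one must not match
    raise ValueError(f"unsupported operator: {op!r}")


def evaluate(policy, session):
    """Return 'deny', 'allow' or 'no-match'; a no-match is also a refusal."""
    if any("deny" in r and eval_rule(r["deny"], session) for r in policy):
        return "deny"
    if any("allow" in r and eval_rule(r["allow"], session) for r in policy):
        return "allow"
    return "no-match"


# Constructed sessions, standing in for the identity an IdP would return.
ALICE = {"authenticated": True, "email": "alice@example.com", "groups": ["engineering"]}
CONTRACTOR = {"authenticated": True, "email": "contractor@example.com", "groups": ["engineering"]}
BOB = {"authenticated": True, "email": "bob@example.com", "groups": ["sales"]}

if __name__ == "__main__":
    for who in (ALICE, CONTRACTOR, BOB):
        print(who["email"], "->", evaluate(POLICY, who))
```

The contractor session matches the `allow` rule as well, yet the result is `deny`, which is the point of keeping deny precedence in mind when a policy attached to a Namespace and one attached to a Route are both in effect. Bob's `no-match` is refused just the same; only an explicit `allow` grants access.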
#### Rego
For those using [OPA](https://www.openpolicyagent.org/), the **REGO** tab will accept policies written in Rego.
::: tip
A policy can only support PPL or Rego. Once one is set, the other tab is disabled.
:::
#### Overrides
- **Any Authenticated User**: This setting will allow access to a route with this policy attached to any user who can authenticate to your Identity Provider (**IdP**).
- **CORS Preflight**:
- **Public Access**: This setting allows complete, unrestricted access to an associated route. Use this setting with caution.
## Certificates