mirror of https://github.com/pomerium/pomerium.git synced 2025-05-18 03:27:16 +02:00

History

github-actions[bot] 479c0290d0 Update programmatic-access.md (#2190 ) (#2205 ) * Update programmatic-access.md tries to give a bit more context to the curl snippet to get a token for programmatic access include bastion host remote port forwarding and some other notes include headers in request mention update programmatic access Update programmatic-access.md Update programmatic-access.md update programmatic access * fumpt Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com> Co-authored-by: Joseph Chiocchi <input.output@gmail.com> Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>		2021-05-17 09:30:00 -04:00
..
community	proxy / controplane: use old upstream cipher suite (#2196 ) (#2197 )	2021-05-12 23:17:57 +00:00
identity-providers	Updating Doc for Pomerium-Dex Exercise (#2018 )	2021-03-30 07:24:58 -06:00
img	docs: fix in-action video (#1268 )	2020-08-12 19:34:50 -04:00
quick-start	docs: replace httpbin with verify (#1702 )	2020-12-22 09:53:08 -08:00
topics	Update programmatic-access.md (#2190 ) (#2205 )	2021-05-17 09:30:00 -04:00
architecture.md	databroker: rename cache service (#1790 )	2021-01-21 08:41:22 -07:00
background.md	docs: fix links, fix upgrade guide (#1220 )	2020-08-05 23:07:49 -07:00
CHANGELOG.md	docs: v0.14.0 (#2174 )	2021-05-04 17:39:16 -04:00
FAQ.md	update docs (#1645 )	2020-12-03 08:29:17 -08:00
installation.md	deployment: Publish OS packages to cloudsmith (#2105 )	2021-04-21 07:12:14 -04:00
readme.md	update docs (#1645 )	2020-12-03 08:29:17 -08:00
upgrading.md	docs: add v0.14 feature highlights (#2183 ) (#2184 )	2021-05-08 21:18:40 +00:00

readme.md

title

lang

sidebarDepth

What is Pomerium

Overview?

Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you'd typically reach for a VPN.

Pomerium can be used to:

provide a single-sign-on gateway to internal applications.
enforce dynamic access policy based on context, identity, and device state.
aggregate access logs and telemetry data.
perform delegated user authorization for service-based authorization systems:
- Istio
- Google Cloud
provide unified identity attestation for upstream services:
provide a VPN alternative.

Demo

To make this a bit more concrete, click the image thumbnail to see a short youtube demo:

The above video shows the flow for both an unauthorized and authorized user.

An unauthorized user authenticates with their corporate single-sign-on provider.
The unauthorized user is blocked from a protected resource.
The unauthorized user signs out from their session.
An authorized user authenticates with their corporate single-sign-on provider.
Pomerium delegating and granting access to the requested resource.
The authorized user inspecting their user details including group membership.