mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-01 11:26:29 +02:00
Pomerium is an identity and context-aware access proxy.
Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked in. Pomerium gateways both internal and external requests, and can be used in situations where you'd typically reach for a VPN.
Pomerium can be used to:
- provide a single-sign-on gateway to internal applications.
- enforce dynamic access policy based on context, identity, and device state.
- aggregate access logs and telemetry data.
- serve as a VPN alternative.
Architecture
Demo
To make this a bit more concrete, see the following:
- An unauthorized user authenticating with their corporate single-sign-on provider (in this case Google).
- The unauthorized user being blocked from a protected resource.
- The unauthorized user signing out from their session.
- An authorized user authenticating with their corporate single-sign-on provider.
- Pomerium delegating and granting access to the requested resource.
- The authorized user inspecting their user details including group membership.
Docs
For comprehensive docs and tutorials, see our documentation.