Use Case

Aporeto's identity-aware security platform ensures consistent policy across cloud and hybrid environments and eliminates VPNs. Aporeto enables authenticated and authorized single sign-on by leveraging the access controls of an OIDC-compliant third-party identity provider (Okta, OAuth, Ping), based on a user's authenticated identity. Aporeto then generates a token and provides users with an ephemeral certificate, tied to enterprise identity, for access to resources. The Cloud PAM identity-based policy model enables organizations to provide a federated identity for each user that can be applied for access to any resource across hybrid or cloud infrastructure that uses IAM. Security teams can now granularly manage cloud credentials and restrict access to resources while simplifying the ability to meet compliance requirements.

Problem Statement

Traditionally, enterprise users have had to use cumbersome virtual private networks (VPNs) to reach resources on their organization's private business network from remote sites. Application administrators, in turn, have had to set up unwieldy VPN appliances. Differentiating between user types and metering appropriate access rights is difficult when organizations rely on VPNs. This type of remote network access is awkward and inefficient, and it places the entire corporate network at risk.

Customer Pain Points

VPNs are perimeter-centric and hard to manage in hybrid and multi-cloud environments.

VPN user access is too coarse-grained.

It is hard to differentiate between employees, contractors and third parties.


The Aporeto Solution

Identity-aware security


Manage access to cloud resources based on enterprise user identity, rather than IPs or devices.


Eliminate VPNs

Eliminate VPNs by granularly managing authorization to applications and APIs.



Consistent security policy

Enforce consistent access policy across clouds and hybrid environments.



As we migrate our infrastructure into AWS, we want to have a more cloud-native architecture and implement a Zero Trust security posture without having the burden of rewriting our applications or putting efforts into undifferentiated, but required, security tasks. The Aporeto Cloud Identity Framework, and in our case, Cloud PAM for Resources, is empowering us to migrate more rapidly on AWS while having the best-in-class security posture.

Lucas Tischhauser

Application Security Architect
