• Overview
  • Configuration

Related-apps

Apono

Centralize access decisions by syncing Apono accounts with directory structures.

Identity provisioningIdentity management

Overview

Apono is an access management platform that automates least-privilege access to cloud infrastructure, databases, and SaaS tools. It enables just-in-time, approval-based access workflows to production environments. By integrating Apono with ADManager Plus, organizations can synchronize user data and streamline identity management between Apono and Active Directory (AD) environments, improving consistency and reducing manual effort.

Use cases

 

Automate user provisioning

Automate user data synchronization from Apono to ADManager Plus to keep identity records consistent across systems.

 

Maintain user profiles

Maintain up-to-date user profiles in Active Directory by reflecting changes made in Apono in near real time.

 

Standardize user attributes

Standardize user attribute mapping between Apono and AD to enable reliable provisioning and access workflows.

 

Prerequisites:

Please ensure to provide the bearer token to retrieve desired information and perform tasks in Apono. Refer to Apono API references for more details.

Privileges:

  • To import users (inbound action): Ensure the account used for authorization has permission to read all user accounts.
  • To perform any action or query in Apono (outbound action): Ensure the account used for authorization has permission to perform the desired action.

Authorization configuration

  • Log in to ADManager Plus and navigate to Directory/Application Settings.
  • Go to Application Integrations, then search and select Apono.
  • Toggle the Enable Apono Integration button on.
  • In the Apono Configuration page, click Authorization.
  • Perform the steps to generate Bearer token in Apono and paste the Bearer token in the Value field.
  • Click Configure.

Inbound webhook configuration

Inbound webhook enables you to fetch user data from Apono to ADManager Plus. To configure an inbound webhook for Apono:

  • Under Inbound Webhook, click Apono Endpoint Configuration.
  • In the Endpoint Configuration tab, an endpoint, Apono USERS ENDPOINT, comes pre-configured with an Endpoint URL, API Method, Headers, and Parameters fields to fetch user accounts from Apono. However, if you would like to use a new endpoint to import users, you can configure one using the + Add API endpoint button and filling in the required fields as per Apono’s API references. Click here to learn how. Note:
    • The API key value pair is preconfigured as a header for authenticating API requests as configured during Authorization Configuration.
    • Macros: You can add macros to your endpoint configuration to dynamically change it as per your requirement using the macro chooser component.
    • Refer to Apono's API references and configure additional headers and parameters, if required.
  • Once done, click Test & Save. A response window will display all the requested parameters that can be fetched using the API call. After verifying if the requested parameters have been called to action, click Proceed. Note:
    • Refer to Apono’s API references to know the Parameters that must be configured to fetch only specific parameters.
    • You can configure multiple endpoints for Apono using the + Add API endpoint button. Click here to learn how.
  • Click Data Source - LDAP Attribute Mapping to match endpoints and to map AD LDAP attributes with the respective attributes in Apono.
  • Click + Add New Configuration and perform the following:
    • Enter the Configuration Name and Description, and select the Automation Category from the drop-down menu.
    • In the Select Endpoint field, select the desired endpoint and a Primary Key that is unique to a user (e.g., id).
    • In the Attribute Mapping field, select the attribute from the LDAP Attribute Name drop-down menu and map it with the respective column in Apono.
    • If you would like to create a new custom format for this, click Mapping Attribute.
    • Click Save.
Note: The attribute mapping configured in this section can be selected as the data source during automation configuration to perform the desired action on the list of users received from the API response

Outbound webhook configuration

Outbound webhook enables you to update the changes made in AD using ADManager Plus to Apono or fetch or forward required details from Apono and synchronize them with AD. They can also be applied directly to desired users to perform a sequence of actions on them (Management > Advanced Management > Orchestration).

To configure an outbound webhook for Apono:

  • Under Outbound Webhook, click Apono Webhook Configuration.
  • Click + Add Webhook.
  • Enter a name and description for this webhook.
  • Decide on the action that has to be performed and refer to Apono’s API references for the API details, such as the URL, headers, parameters, and other requirements that will be needed.
  • Select the HTTP method that will enable you to perform the desired action on the endpoint from the drop-down menu.
  • Enter the endpoint URL.
  • Configure the Headers, Parameters, and Message Type in the appropriate format based on the API call that you would like to perform.
  • Click Test & Save.
  • A pop-up window will then display a list of AD users and groups on which to test the configured API call. Select the desired user or group on which this API request has to be tested and click OK. This will make a real-time call to the endpoint URL, and the selected objects will be modified according to the configuration.
  • The webhook response and request details will then be displayed. Verify them for the expected API behavior and click Save.
Note: The webhooks configured in this section can be included in Orchestration Templates, which can be used in event-driven and scheduled automations. They can also be applied directly to desired users to perform a sequence of actions on them (under Management > Advanced Management > Orchestration).