Sym integrates with a number of AWS resources, IdPs, and third-party services.


Sym Access Flows rely on a variety of third-party integrations to provide effective, just-in-time access to secure infrastructure and resources. Integrations will generally fall into three categories, with quite a bit of overlap:

  1. Just-in-time access integrations provide approvable, auto-expiring access to role-based services like AWS IAM and Identity Center (SSO), identity providers like Okta and OneLogin, and standalone solutions like GitHub and Tailscale.
  2. SDK integrations enable you to incorporate helpful logic that can automate, expedite, and otherwise enhance your Flows.
  3. AWS Lambdas technically fall into both of the other categories: they can be run on approval as if part of an Access Flow, as well as invoked from within the SDK as part of any workflow. Lambdas are the basis for some of Sym's most advanced workflows, like temporary user creation for access to a PostgreSQL database.

Just-in-time access integrations

Access integrations are all implemented either via Sym assuming a role in your AWS environment, or by fetching credentials from your AWS Secrets Manager.

AptibleGrant users access to defined roles in Aptible.
AWS IAMEscalate users to AWS IAM roles.
AWS IAM Identity Center (SSO) Access StrategyEscalate users to AWS SSO groups.
GitHubGrant users temporary access to GitHub repos.
OktaGrant users temporary access to Okta groups.
OneLoginGrant users temporary access to OneLogin roles.
TailscaleGrant users temporary access to Tailscale nets.

SDK integrations

SDK integrations use the same secrets and roles as their access counterparts. Most are offshoots of Access Flows, except for the PagerDuty integration, which is SDK-only.

GitHubGet all the collaborators for a specific repo.
OktaList groups, get user information, and check whether a user is in a specific group.
OneLoginList roles, get user information, and check whether a user is in a specific role.
PagerDutyCheck whether a user is on call, check for open incidents, and look at on-call schedules.
SlackSend messages to users, groups, and channels.

AWS Lambda integrations

Similar to other AWS integrations, Sym's Lambda integrations use role assumption to execute Lambdas in your environment.

AWS Lambda AccessTrigger an AWS Lambda as part of an Access Flow.
AWS Lambda SDK IntegrationTrigger an AWS Lambda and use its returned payload in your SDK code.
MySQLUse Sym's Lambda integration to grant access to a MySQL database or generate temporary credentials.
PostgreSQLUse Sym's Lambda integration to grant access to a PostgreSQL database or generate temporary credentials.

Other integrations

Sym provides helper integrations to some third-party services that don't fit the basic access-and-SDK model, as well as a custom framework that you can use to build and deploy your own just-in-time access integrations.

CircleCIUse a Sym Bot User to insert a Sym Approval in your CircleCI pipeline.
Custom frameworkBuild your own Sym integration for just-in-time access to anything you control.