Sym integrates with a number of AWS resources, IdPs, and third-party services.
Sym Access Flows rely on a variety of third-party integrations to provide effective, just-in-time access to secure infrastructure and resources. Integrations will generally fall into three categories, with quite a bit of overlap:
- Just-in-time access integrations provide approvable, auto-expiring access to role-based services like AWS IAM and Identity Center (SSO), identity providers like Okta and OneLogin, and standalone solutions like GitHub and Tailscale.
- SDK integrations enable you to incorporate helpful logic that can automate, expedite, and otherwise enhance your Flows.
- AWS Lambdas technically fall into both of the other categories: they can be run on approval as if part of an Access Flow, as well as invoked from within the SDK as part of any workflow. Lambdas are the basis for some of Sym's most advanced workflows, like temporary user creation for access to a PostgreSQL database.
Just-in-time access integrations
Access integrations are all implemented either via Sym assuming a role in your AWS environment, or by fetching credentials from your AWS Secrets Manager.
|Aptible||Grant users access to defined roles in Aptible.|
|AWS IAM||Escalate users to AWS IAM roles.|
|AWS IAM Identity Center (SSO) Access Strategy||Escalate users to AWS SSO groups.|
|GitHub||Grant users temporary access to GitHub repos.|
|Okta||Grant users temporary access to Okta groups.|
|OneLogin||Grant users temporary access to OneLogin roles.|
|Tailscale||Grant users temporary access to Tailscale nets.|
SDK integrations use the same secrets and roles as their access counterparts. Most are offshoots of Access Flows, except for the PagerDuty integration, which is SDK-only.
|GitHub||Get all the collaborators for a specific repo.|
|Okta||List groups, get user information, and check whether a user is in a specific group.|
|OneLogin||List roles, get user information, and check whether a user is in a specific role.|
|PagerDuty||Check whether a user is on call, check for open incidents, and look at on-call schedules.|
|Slack||Send messages to users, groups, and channels.|
AWS Lambda integrations
Similar to other AWS integrations, Sym's Lambda integrations use role assumption to execute Lambdas in your environment.
|AWS Lambda Access||Trigger an AWS Lambda as part of an Access Flow.|
|AWS Lambda SDK Integration||Trigger an AWS Lambda and use its returned payload in your SDK code.|
|MySQL||Use Sym's Lambda integration to grant access to a MySQL database or generate temporary credentials.|
|PostgreSQL||Use Sym's Lambda integration to grant access to a PostgreSQL database or generate temporary credentials.|
Sym provides helper integrations to some third-party services that don't fit the basic access-and-SDK model, as well as a custom framework that you can use to build and deploy your own just-in-time access integrations.
|CircleCI||Use a Sym Bot User to insert a Sym Approval in your CircleCI pipeline.|
|Custom framework||Build your own Sym integration for just-in-time access to anything you control.|
Updated 2 months ago