A zero-trust identity and context-aware reverse proxy for secure, clientless access to internal web apps without a VPN.
Pomerium is an identity and context-aware reverse proxy that enables secure, clientless access to internal web applications and services. It replaces traditional corporate VPNs by building zero-trust connections that verify every action before allowing access, ensuring continuous security and auditability.
Pomerium is aimed at organizations and DevOps teams that need secure remote access to internal applications, especially those looking to replace or augment VPNs with a zero-trust, identity-aware solution.
Developers choose Pomerium for its clientless, tunnel-free architecture that provides faster, more secure access than VPNs, with granular context-aware policies and continuous verification for every request.
Pomerium is an identity and context-aware access proxy.
Users can securely connect to internal applications directly from their browser without installing any software, eliminating the need for corporate VPN clients as emphasized in the README.
Implements continuous verification where every action is audited and verified before execution, providing a high-security standard that moves beyond traditional VPNs.
Integrates organizational data to make intelligent, tailored access decisions based on user identity and context, which is a core feature highlighted in the philosophy.
Deploys alongside applications for faster, more direct access without VPN tunneling overhead, improving performance as described in the key features.
Requires setup with OIDC or similar identity providers, which can be challenging and time-consuming for teams without prior experience in identity management.
Focused primarily on HTTP/HTTPS traffic, so it's not suitable for securing non-web services or protocols, which may necessitate additional tools.
Self-hosted deployments demand ongoing configuration, maintenance, and monitoring, unlike fully managed solutions, potentially increasing operational burden.