Home
Projects

Open-Source Projects

Discover top open-source software, updated regularly with real-world adoption signals.

PickYourTech

Curated open-source & SaaS tooling to help teams ship faster.

Projects Alternatives Categories About

Terms Privacy

Pomerium – Identity‑Aware Access Proxy for Secure | PickYourTech

Home
Projects
VPN & Zero Trust Networks
Pomerium

Pomerium

Clientless, zero‑trust access proxy for internal web applications

VPN & Zero Trust Networks

Overview Highlights Managed products Fit Use cases Tech Tags FAQ

Pomerium provides secure, clientless connections to internal web apps and services, eliminating VPNs with policy‑driven, identity‑aware access that’s deployed alongside your workloads.

Overview

Highlights

Clientless, tunnel‑free access via standard browsers

Identity‑aware policy enforcement for each request

Deployable alongside applications for low latency

Integrates with common SSO/OpenID Connect providers

Pros

Eliminates need for corporate VPN
Fast connections without tunneling overhead
Granular per‑action verification improves security
Customizable policies integrate organizational data

Considerations

Requires deployment and management of proxy infrastructure
Learning curve for policy configuration
Not a full network‑level VPN replacement
Dependent on compatible identity provider integration

Managed products teams compare with

When teams consider Pomerium, these hosted platforms usually appear on the same shortlist.

Zscaler

Cloud-based zero trust security platform providing secure access to applications without traditional VPNs

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

Enterprises seeking zero‑trust access to internal web tools
Remote teams needing secure, clientless connectivity
Organizations that already use SSO/IdP solutions
Teams wanting to place security controls close to workloads

Not ideal when

Use cases demanding full network tunneling (e.g., legacy protocols)
Environments without an existing identity provider
Simple static sites that don’t require access control
Scenarios where latency is critical and a proxy adds an extra hop

How teams use it

Remote employee accesses internal dashboard

Securely logs in via SSO and reaches the dashboard without VPN, with policies enforcing role‑based access.

Third‑party vendor accesses a specific API

Vendor authenticates through the corporate IdP, and Pomerium grants time‑limited, context‑aware access to the API endpoint.

CI/CD pipeline calls internal service

Pipeline uses service‑account identity; Pomerium validates the request and forwards it, keeping internal services shielded from the public internet.

Zero‑trust segmentation for microservices

Microservices communicate through Pomerium, ensuring each request is authorized based on identity and request context.

Tech snapshot

Go97%

TypeScript2%

Jsonnet1%

Shell1%

Lua1%

Makefile1%

Frequently asked questions

What does “clientless” mean?

It means users do not need to install VPN clients; access is performed through standard web browsers or HTTP clients that are redirected through the proxy.

How is Pomerium different from a traditional VPN?

Unlike VPNs that create a network tunnel, Pomerium operates at the application layer, verifying each request against identity and policy before forwarding it, providing finer‑grained security without tunneling overhead.

Which identity providers are supported?

Pomerium integrates with common SSO providers such as Okta, Azure AD, Google Workspace, and any OpenID Connect‑compatible IdP.

Can I self‑host Pomerium?

Yes, the project is open source under Apache‑2.0 and can be deployed on‑premises or in any cloud environment; a hosted option called Pomerium Zero is also available.

Does Pomerium require a separate control plane?

The core proxy can run independently; for advanced management and GUI you may use the optional hosted control plane (Pomerium Zero), but it is not mandatory.

Project at a glance

Active

Visit site View repo

Stars: 4,533
Watchers: 4,533
Forks: 317

LicenseApache-2.0

Repo age6 years old

Last commit4 days ago

Primary languageGo

Last synced 4 days ago