Pomerium Routes Portal
The Pomerium Routes Portal allows a user to see all the routes they have access to and easily navigate or connect to them. The Routes Portal is personalized for each user based on their authorization to the configured routes. For non-HTTP routes, such as SSH or plain TCP connections, the portal provides corresponding Pomerium CLI commands that can be used to connect to the resources.
We recommend using the Routes Portal to help onboard new users to Pomerium and to provide a central location for users to access all their resources.
Ways of Accessing the Routes Portal
The Routes Portal is available in the following ways:
- Web Page - Generally useful for quickly navigating to available web applications or identifying non-HTTP CLI commands
- Desktop Client - Best for setting up non-HTTP connections such as SSH or databases
- CLI - Can be used programmatically to list routes and then connect to them
- JSON API - Can be used to integrate with your own systems and processes
The Routes Portal is available on all Pomerium cluster domains. New users should contact their Pomerium administrator to identify their organization's Pomerium domain. The domain could be a Pomerium provided domain such as curious-cat-9999.pomerium.app
or a custom domain.
Web Page
The web page version of the Routes Portal is accessible via a web browser at https://<your-pomerium-domain>/.pomerium/routes
. Accessing the page when not authenticated will redirect you to the configured Identity Provider for authentication. Once logged in, you will see a list of all the routes you have access to.
Desktop Client
The Pomerium Desktop Client can automatically create connections using the Routes Portal. While static route lists can be exported, shared, and imported by users looking to set up their Pomerium Desktop Client, the portal provides a more dynamic way of loading available route configuration. After providing your Pomerium cluster domain, the Desktop Client will automatically load all the routes you have access to. You may optionally specify a tag for the loaded routes to identify the ones created by this process.
The Desktop Client does not automatically update the routes list when changes are made to the Pomerium configuration. An updated routes list can be loaded by performing the same process again.
CLI
The Pomerium CLI can list routes via the routes list
subcommand:
pomerium-cli routes list https://<your-pomerium-domain>
JSON API
Accessible via a JSON API at https://<your-pomerium-domain>/.pomerium/api/v1/routes
{
"routes": [
{
"id": "c7cc6f3995e8c6e4",
"name": "postgres",
"type": "tcp",
"from": "tcp+https://postgres.curious-cat-9999.pomerium.app:5432",
"description": "",
"connect_command": "pomerium-cli tcp postgres.curious-cat-9999.pomerium.app:5432"
},
{
"id": "2116ef165e888f1a",
"name": "verify",
"type": "http",
"from": "https://verify.curious-cat-9999.pomerium.app",
"description": ""
}
]
}
FAQ
Is the Routes Portal publicly available?
Yes, the Routes Portal is publicly available, but only authenticated users will be able to see the routes they have access to. Unauthenticated users will be forced to authenticate.
Can I disable the Routes Portal?
No, the Routes Portal is a core feature of Pomerium and cannot be disabled. If you have concerns about the security of the portal, please contact security@pomerium.com.
Can I customize the Routes Portal?
The routes which are displayed in the Routes Portal are based on the user's authorization and can be controlled by modifying the applied Pomerium policies for each given route. If you are interested in further customization, please contact support@pomerium.com
How can I find my Routes Portal domain?
The Routes Portal is available on all Pomerium cluster domains. If you know the URL of one of your routes, the domain of this route is your Pomerium domain.
New users should contact their Pomerium administrator to identify their organization's Pomerium domain. The domain could be a Pomerium provided domain such as curious-cat-9999.pomerium.app or a custom domain configured by an administrator.