
Announcing Pomerium v0.30


Pomerium v0.30 brings powerful new capabilities to teams building for a zero trust future, including:

  • Native SSH Access

  • Secure access for Agentic AI and Model Context Protocol (MCP) workflows

  • A seamless way to solve cross-origin authentication across multi-domain apps

  • Improved performance and observability for scaled deployments

  • Multi-cluster control plane with Clusters for Enterprise

What’s New

Native SSH Access

Privileged access sessions are high-stakes moments. To meet SOC2, HIPAA, or FedRAMP requirements, you need visibility into who accessed what, when, and what they did regardless of what protocol they’re using. Pomerium now supports native, clientless SSH — no extra agents required.

What it looks like:

  • Standard SSH/SCP/SFTP clients work out of the box

  • Pomerium handles authentication via your IdP, signs user certificates, and routes connections to your upstream server

Continuous authorization means sessions can be terminated in real-time if the user's policy context changes. This feature bridges a major gap for security-conscious teams — especially those in regulated industries — and moves Pomerium closer to lightweight PAM functionality without the operational overhead of traditional PAM stacks.

Ready to simplify secure shell access without sacrificing compliance or control? Get started with native SSH in Pomerium by visiting the docs: Native SSH Access

Pomerium Agentic (With MCP Support)

We’ve officially released our beta agentic gateway. The spec and standards are moving quickly. Are you actively scoping or building agentic capabilities? We’re looking for design partners to collaborate with in this exciting space.

AI agents are executing workflows, connecting to internal APIs, and acting on behalf of users. But today’s agent infrastructure lacks real security guardrails.

With this release, Pomerium becomes the security gateway for agentic access.

You can now:

  • Protect any HTTP-based MCP tool using Pomerium's proxy and policy engine

  • Enforce fine-grained authorization on every agent interaction (down to method, path, or tool function)

  • Propagate signed JWT assertions with user identity and group context

  • Maintain centralized audit logs and metrics for agent requests

This solves a critical challenge in the MCP ecosystem — the lack of consistent, scalable, and enterprise-ready authentication and authorization. Avoid building per-tool security logic and keep policy enforcement in one place with Pomerium.

Agents work seamlessly with your identity provider. Tools validate identity using Pomerium’s JWT. Security teams get audit trails and consistent policy across tools.

For teams exploring AI agents in production, Pomerium unlocks a secure, scalable path forward.

Curious how Pomerium secures agentic workflows? Learn more from our Model Context Protocol Support documentation or email us about becoming a design partner.

Additional Login Redirect Hosts

Apps are getting more distributed — frontend on one domain, backend on another, with a dashboard on a third. But during login, cross-origin requests often break unless every domain has the right session cookie.

Pomerium v0.30 introduces a new option for addressing CORS issues.

Here’s how it works:

  • During login, Pomerium performs additional redirects to pre-establish sessions on other domains

  • Up to five domains can be included in the dependency chain

  • Users only log in once — and everything “just works” after that

This eliminates the need for brittle workarounds like proxying API calls or manually hitting multiple domains.

It’s seamless, secure, and fully configurable at the route level.

Want to eliminate cross-origin login headaches? Learn how to configure additional login redirect hosts in our documentation: Additional Login Redirect Hosts

Performance and Observability

Pomerium is used by organizations small and large to power mission critical access. Whether you have thousands of upstream routes or hundreds of thousands of concurrent connections, Pomerium is able to secure your workloads.

Pomerium v0.30 includes various performance optimizations to ensure consistent and scalable access even under heavy load. This release introduces smarter caching strategies that reduce the frequency of high-latency policy and identity lookups, resulting in lower end-to-end request times and improved reliability for bursty or large-scale traffic patterns.

To support better insight into system behavior and facilitate proactive monitoring, we’ve added several new Prometheus metrics. These include detailed cache hit/miss rates for the authorization service, Directory Sync refresh latency, request evaluation durations, and database connection metrics. These enhancements give operators the visibility they need to fine-tune deployments, set more precise alerts, and quickly troubleshoot performance bottlenecks.

To learn more about the new metrics and how to integrate them into your observability stack, check out the full list in our documentation: Pomerium Metrics Reference.

Clusters for Enterprise

Managing access at scale often means managing across environments. Dev. Staging. Production. Isolated regions or business units.

With this release, Pomerium Enterprise now supports Clusters, built for managing multiple independent Pomerium Core deployments from a single control plane.

  • Each cluster is its own full installation of Pomerium Core

  • All configuration is controlled centrally via the Enterprise Console

  • Changes stream down in real time to the connected cluster

  • Each cluster runs against its own state backend, ensuring isolation and resilience

This is ideal for organizations that need environmental separation, want to enforce least privilege per deployment, or simply want to keep things clean and loosely coupled.

Clusters reduce operational friction while preserving flexibility — especially for enterprises with multiple infrastructure stacks or regional compliance requirements.

Upgrade Notes

The full v0.30.0 release notes are available on GitHub and upgrade guides are available for previous versions.

What’s Next

With v0.30, Pomerium continues to evolve as the foundation for secure, identity-aware access across apps, protocols, and now autonomous agents.

We're expanding support for agentic access with even deeper protocol support, command-level restrictions, and broader telemetry to give teams the tools they need to secure modern infrastructure.

If you're building AI workflows, managing cross-domain apps, or replacing legacy access tools, now’s a great time to try Pomerium.

Have feedback or questions? We’d love to hear from you.

© 2025 Pomerium. All rights reserved