Pomerium logo
Log In Contact Sign Up
Mobile Menu
Products
Pomerium Zero Pomerium Enterprise
Mobile Menu
Use Cases
VPN Replacement Secure Remote Access Zero Trust Application Access Clientless Access Continuous Verification Context-Aware Access Secure Kubernetes
Pricing
Mobile Menu
Resources
Comparisons Integrations Blog eBooks Glossary Customer Stories
Mobile Menu
Docs
Get Started with Zero Quickstart Fundamentals Architecture Changelog Guides Discuss Forum GitHub

Pricing

Zero for personal use

For individuals and hobbyists looking for a better solution than a VPN.

Pomerium Zero enables secure, remote application access, with a managed control plane that streamlines setup and management and a self-hosted reverse proxy that keeps your data secure and under your control.

Free
Get Started
Zero for business use

For teams and companies looking to replace VPNs and improve their security posture.

With increased limits from the personal plan, Zero for business meets your compliance needs with a self-hosted data plane to ensure your data remains in your control, and a hosted control plan to simplify setup and management.

$7
per user / month
billed annually
($9 per user billed monthly)
Start Free Trial
Enterprise

For large organizations that need a fully self-hosted, on-premise solution.

Pomerium Enterprise enables fully self-hosted, secure remote access to applications, with full access to the Pomerium API. With additional support and no usage limits, Pomerium Enterprise is the best option for scalable zero-trust application access.

Custom
Contact Us
Key Features
Personal Free
Business $7/User/Mo (Annually)
Enterprise Contact Us
Web-based, secure application access
Pomerium enables web-based, secure application access without a VPN or any client-side software.
Self hosted data plane
Your data stays secure and within your control because you host Pomerium's reverse proxy.
Unified control plane
With Pomerium you get an easy to navigate UI to manage the users, routes and policies.
Managed
Managed
Self-Hosted
Custom Domains
Bring your own domain name and let Pomerium manage TLS certificates for you.
1
5
Admin users
Admins can manage global settings, sessions, service accounts, as well as view events and runtime data.
1
20
Service accounts
Used to authenticate machine-to-machine communication between services protected by Pomerium.
2
20
Policies
Write granular authorization policies with Pomerium's policy builder UI.
5
100
Routes
Routes are the building block for enabling authorization and proxying with Pomerium.
10
100
Automatic TLS certificate issuance
We've simplified certificate issuance and management via our integration with LetsEncrypt.
10
100
Users
Number of people that will be accessing applications secured by Pomerium.
10
1000
Multi Cluster support
Manage multiple separate Pomerium deployments at once.
5
Plug-in support for additional sources of user context
Pull in data from 3rd party sources for rich authorization policies, including Device Identity, Device Posture and Identity Access Management policies.
Namespaces
Namespaces allow you to organize your routes and policies by teams or groups.
Hierarchical authorization policies
Make setting up permissions easier and faster with inheritable authorization policies.
Role Based Access Control (RBAC)
Organizational units to help manage authorization at the application level.
Simple
Ability to set RBAC on clusters and routes.
Simple
Ability to set RBAC on clusters and routes.
Advanced
Ability to layer permissions, and RBAC policies. Good when managing multiple application teams, and roles.
Branded console, error and utility pages
Customize Pomerium's UI with your organization's logo and color scheme.
Interfaces
Personal Free
Business $7/User/Mo (Annually)
Enterprise Contact Us
UI
CLI
API for programmatic management
Service account user required to manage
Access Control Parameters
Personal Free
Business $7/User/Mo (Annually)
Enterprise Contact Us
SSO support
See supported IdPs on our Integrations page, use our Hosted Authenticate Service, or bring your own.
Support for JSON Web Tokens (JWTs)
Add mutual authentication and additional security at the application level.
JWT verification SDKs
TCP-over-HTTP based, secure server access
SSH-over-HTTP based, secure server access
mTLS support
Full identity provider data sync
Team Management & Governance
Personal Free
Business $7/User/Mo (Annually)
Enterprise Contact Us
Simple access control criteria
Policies can use group, user, domain attributes.
Comprehensive access control criteria
Policies can use user, group, domain, date, time, duration, request context, device context (mTLS), multi-factor auth status and other attributes.
Metrics and reporting available via admin console
Centrally view and manage access via admin console
Policy builder UI
Self-service support for application owners
Application owners are able to self-manage their own apps and services
In-console telemetry
Dynamic authorization policy as code
Using OPA’s policy language rego
Reporting & Compliance
Personal Free
Business $7/User/Mo (Annually)
Enterprise Contact Us
Access logs
Audit logs
Audit reports
Deployment history
Deployment events
Traffic reports
Support
Personal Free
Business $7/User/Mo (Annually)
Enterprise Contact Us
Community forum
Join the community forum and learn from other Pomerium users!
Email support
Dedicated Slack channel
Phone support
Dedicated customer success manager
Get Started
Start Free Trial
Contact Us
Personal Free
Business $7/User/Mo (Annually)
Enterprise Contact Us
Web-based, secure application access
Self hosted data plane
Unified control plane
Managed
Managed
Self-Hosted
Custom Domains
1
5
Admin users
1
20
Service accounts
2
20
Policies
5
100
Routes
10
100
Automatic TLS certificate issuance
10
100
Users
10
1000
Multi Cluster support
5
Plug-in support for additional sources of user context
Namespaces
Hierarchical authorization policies
Role Based Access Control (RBAC)
Simple
Ability to set RBAC on clusters and routes.
Simple
Ability to set RBAC on clusters and routes.
Advanced
Ability to layer permissions, and RBAC policies. Good when managing multiple application teams, and roles.
Branded console, error and utility pages
UI
CLI
API for programmatic management
SSO support
Support for JSON Web Tokens (JWTs)
JWT verification SDKs
TCP-over-HTTP based, secure server access
SSH-over-HTTP based, secure server access
mTLS support
Full identity provider data sync
Simple access control criteria
Comprehensive access control criteria
Metrics and reporting available via admin console
Centrally view and manage access via admin console
Policy builder UI
Self-service support for application owners
In-console telemetry
Dynamic authorization policy as code
Access logs
Audit logs
Audit reports
Deployment history
Deployment events
Traffic reports
Community forum
Email support
Dedicated Slack channel
Phone support
Dedicated customer success manager
Get Started
Start Free Trial
Contact Us
Looking for Pomerium Core?

FAQ

Need answers?
We are here to help.

What is Pomerium?

Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you’d typically reach for a VPN.

Why should I care about whether components are self-hosted or managed?

Regardless of which plan you choose, the core of Pomerium is a self-hosted data plane that sits in your environment. The reason this matters is because this ensures that your sensitive data is never transmitted through a third-party tool, like a VPN, and stays inside your infrastructure. With Pomerium Zero, we provide a managed control plane, which makes it easy for you to configure policies and routes, manage users and report on usage across your Pomerium deployment.

What layer are you securing?

Pomerium provides layer 7 security. See our post to learn more about layer 7 vs layer 3 & 4 security models (link).

Is Pomerium a VPN?

No, unlike many solutions that are simply repackaged VPNs, Pomerium is an identity-aware proxy that does not rely on clients or tunnels to provide access.

Do you log my traffic?

No, unlike VPN solutions, Pomerium does not log, inspect, or even have visibility into network traffic. We provide AuthN and AuthZ to your applications via the context you provide, and verify those signals against your policies.

Are you claiming to be Zero Trust?

We are not claiming to be Zero Trust, we are Zero Trust. Many vendors in the space claim to be zero trust solutions when in fact their trust model is easily compromised via stolen credentials or stolen tokens. Pomerium's model requires that every single action a user takes is re-evaluated in context of what that user is doing.

Can I use Pomerium for free?

Yes! Pomerium Zero is free for personal use, and we also offer Pomerium Core, our open source version. We’re confident you’ll love whichever plan you are on.

I have a question you don’t answer here.

No problem. Contact our team at support@pomerium.com, and we’ll gladly help.

Revolutionize
Your Security

Embrace Seamless Resource Access, Robust Zero Trust Integration, and Streamlined Compliance with Our App.

Try Now

Company

About Privacy Policy Terms of Service

Quicklinks

Comparisons Integrations Customer Stories Resources Docs

Stay Connected

Stay up to date with Pomerium news and announcements.

Pomerium logo
© 2024 Pomerium. All rights reserved