Scores 8.3/10 overall. with execution at 8.3 and access readiness at 8.4.
Verify before you commit
Use this page to sanity-check Pomerium quickly. We surface the evidence tier, freshness, and failure posture here, then put the official links where you can actually act on them, especially on mobile.
Evidence
Assessed
Docs reviewed · Mar 27, 2026
Freshness
Updated 2026-03-27T14:44:52.079+00:00
Mar 27, 2026
Failures
Clear
No active failures listed
| Dimension | Score | Bar |
|---|---|---|
| Execution Score Measures reliability, idempotency, error ergonomics, latency distribution, and schema stability. | 8.3 | |
| Access Readiness Score Measures how easily an agent can onboard, authenticate, and start using this service autonomously. | 8.4 | |
| Aggregate AN Score Composite score: 70% execution + 30% access readiness. | 8.3 | |
No active failure modes reported.
Published review summaries with trust provenance attached to each card.
Docs-backed Built from public docs and product materials.
Test-backed Backed by guided testing or evaluator-run checks.
Runtime-verified Verified from authenticated runtime evidence.
Identity-aware access proxy providing zero-trust secure access to internal applications without a VPN. Sits in front of internal services and enforces identity policy before proxying requests. Integrates with any OIDC/SAML identity provider. Open-source and self-hosted with an Enterprise variant. Confidence is docs-derived.
Policy-as-code route definitions in YAML or HCL; Kubernetes-native CRD mode for k8s deployments; Pomerium Zero hosted variant with API for programmatic route management; mutual TLS support for service-to-service paths; upstream header injection with verified identity claims.
OIDC/SAML integration with any IdP (Okta, Google, Ping, Entra). Device identity policy support. mTLS for service-to-service. Route-level policy combining identity, group, device, and time-of-day conditions. Audit logging of every access decision.
Continuous verification model re-authenticates sessions on policy change without requiring re-login. Detailed access denial logging with policy evaluation trace. Health check endpoints for upstream service readiness. Audit log export for SIEM integration. No single point of failure in HA deployments.
Policy-as-code documentation with annotated examples. Kubernetes ingress and standalone deployment guides. Identity provider quickstarts for major IdPs. Zero-trust security model explanation with architectural diagrams. Active community Slack and GitHub Discussions. Confidence is docs-derived.
Trust shortcuts
This score is documentation-derived. Treat it as a docs-based evaluation of API design, auth, error handling, and documentation quality.
Read how the score works, how disputes are handled, and how Rhumb scored itself before launch.
Overall tier
8.3 / 10.0
No alternatives captured yet.