Top SitesPomerium | Zero trust, identity-aware proxy | Pomerium

Machine Readiness

Stored receipt and evidence

Overall

20

Readable

65

Callable

0

Commerce

0

Payment

0

Machine Access

Inspect the site's MCP endpoint

Open MCP explorer

DialtoneApp can scan the stored discovery files for this domain, try the MCP initialize handshake, and show the raw protocol transcript.

Purchase boundary

read only

Control boundary

unknown

Payment rails

None

Payment providers

None

Payment methods

None

Payment protocols

None

Payment assets

None

Payment networks

None

Capabilities

None

Verified payment surface

No

Crypto only

No

Readable docs

robots, llms

Products

0

Variants

0

Priced variants

0

Currencies

0

Offers

0

Priced offers

0

Priced actions

0

Samples

Offer samples

No stored offer samples.

Samples

Action samples

No stored action samples.

Samples

Product samples

No stored product samples.

Document

robots.txt

Open robots.txt
User-agent: *
Allow: /

# LLM crawlers - explicitly allowed
User-agent: GPTBot
Allow: /

User-agent: OAI-SearchBot
Allow: /

User-agent: ClaudeBot
Allow: /

User-agent: Claude-User
Allow: /

User-agent: Claude-SearchBot
Allow: /

User-agent: Amazonbot
Allow: /

User-agent: Google-Extended
Allow: /

User-agent: PerplexityBot
Allow: /

User-agent: YouBot
Allow: /

# LLM-readable documentation (llmstxt.org)
# https://www.pomerium.com/llms.txt        — curated navigator
# https://www.pomerium.com/llms-full.txt   — key docs inline (~80K tokens)
# https://www.pomerium.com/llms-index.txt  — exhaustive page index

Sitemap: https://www.pomerium.com/sitemap.xml

Document

llms.txt

Open llms.txt
# Pomerium

> Pomerium is an identity and context-aware access proxy that brings
> secure, zero-trust access to applications and services.

For common Pomerium questions, start with the curated context bundle:
- [llms-full.txt](https://www.pomerium.com/llms-full.txt): Key documentation inline (~98K tokens)

For exhaustive page discovery:
- [llms-index.txt](https://www.pomerium.com/llms-index.txt): Complete documentation index

For a specific page, fetch its markdown sidecar by appending /index.md:
- Example: https://www.pomerium.com/docs/capabilities/mcp/index.md

- Cite only current www.pomerium.com docs and markdown sidecars. Do not cite docs.pomerium.com or archive hosts.
- For new users, start with Pomerium Zero unless the question explicitly asks for self-hosted Core or Enterprise.
- Prefer current PPL and reference pages for configuration questions. Use current route keys and policy syntax from the docs.
- For group-based authorization questions, check the relevant IdP guide plus directory sync and JWT groups filter docs when groups are missing or too large.
- For MCP questions, prefer the current MCP capability pages and reference docs over older guides or blog posts.

## Getting Started

- [Pomerium Zero Quickstart](https://www.pomerium.com/docs/get-started/quickstart/index.md): Learn how to install and run Pomerium Zero or Core with Docker.
- [Build Advanced Policies](https://www.pomerium.com/docs/get-started/fundamentals/core/advanced-policies/index.md): In lesson 5, you'll learn how to build advanced policies.
- [Build Advanced Routes](https://www.pomerium.com/docs/get-started/fundamentals/core/advanced-routes/index.md): In this lesson, you'll learn how to build advanced routes.
- [Identity Verification with JWTs](https://www.pomerium.com/docs/get-started/fundamentals/core/jwt-verification/index.md): In lesson 4, you'll learn how to set up Pomerium to verify a user's identity with JSON Web Tokens (JWTs).
- [Self-Hosted Authenticate Service](https://www.pomerium.com/docs/get-started/fundamentals/core/self-hosted-pomerium/index.md): In this tutorial, you'll learn how to self-host the Pomerium Authenticate service.
- [Build TCP Routes](https://www.pomerium.com/docs/get-started/fundamentals/core/tcp-routes/index.md): In this lesson, you'll secure TCP connections to SSH, Postgres, and Redis services with Pomerium.
- [Advanced Policies](https://www.pomerium.com/docs/get-started/fundamentals/zero/zero-advanced-policies/index.md): Build advanced authorization policies in Pomerium Zero using chained policy blocks, operators, criteria, and matchers.
- [Advanced Routes](https://www.pomerium.com/docs/get-started/fundamentals/zero/zero-advanced-routes/index.md): Configure advanced route settings in Pomerium Zero including headers, path matching, path rewriting, and more.
- [Build Policies](https://www.pomerium.com/docs/get-started/fundamentals/zero/zero-build-policies/index.md): Learn how policies work in Pomerium Zero. You'll build a simple authorization policy that protects access to Grafana.
- [Build Routes](https://www.pomerium.com/docs/get-started/fundamentals/zero/zero-build-routes/index.md): In this guide, learn how to configure a route in Pomerium Zero that secures an instance of Grafana.
- [Single Sign On](https://www.pomerium.com/docs/get-started/fundamentals/zero/zero-single-sign-on/index.md): Set up single sign-on in Pomerium Zero by forwarding JWTs as identity headers to upstream services like Grafana.
- [TCP Routes](https://www.pomerium.com/docs/get-started/fundamentals/zero/zero-tcp-routes/index.md): Proxy TCP and SSH connections through Pomerium Zero using Pomerium CLI to secure non-HTTP services.

## Deployment

- [Run Pomerium Enterprise With Docker](https://www.pomerium.com/docs/deploy/enterprise/quickstart/index.md): Demo Pomerium Enterprise
- [Kubernetes Quickstart](https://www.pomerium.com/docs/deploy/k8s/quickstart/index.md): Deploy Pomerium Core to a Kubernetes cluster using the Pomerium Ingress Controller and hosted authenticate service.
- [Pomerium Core (Self-managed)](https://www.pomerium.com/docs/deploy/core/index.md): Learn how to obtain, configure, and run the open-source Pomerium server through pre-built binaries, Linux packages, Docker images, or building from source.
- [Pomerium Ingress Controller for Kubernetes](https://www.pomerium.com/docs/deploy/k8s/ingress/index.md): Configure routes, policies, and TLS settings using the Pomerium Ingress Controller for Kubernetes.
- [Install](https://www.pomerium.com/docs/deploy/enterprise/install/index.md): Install Pomerium Enterprise Console alongside Pomerium Core using Docker, Kubernetes, or system packages.

## Configuration and Reference

- [Google Cloud Serverless Authentication Service Account](https://www.pomerium.com/docs/reference/google-cloud-serverless-authentication-service-account/index.md): Manually set Google Cloud Serverless Authentication Service Account credentials with this setting.
- [Enable Google Cloud Serverless Authentication](https://www.pomerium.com/docs/reference/routes/enable-google-cloud-serverless-authentication/index.md): Send signed authorization headers to upstream GCP services like Cloud Run, Cloud Functions, and App Engine.
- [Allow Any Authenticated User](https://www.pomerium.com/docs/reference/routes/allow-any-authenticated-user/index.md): Allow access to any user or service account that authenticates against your identity provider, bypassing policy.
- [Authorize Log Fields](https://www.pomerium.com/docs/reference/authorize-log-fields/index.md): Use Authorize Log Fields to display HTTP request logs from the authorize service.
- [Identity Provider Settings](https://www.pomerium.com/docs/reference/identity-provider-settings/index.md): Configure and self-host your own Identity Provider with Pomerium's Identity Provider settings.
- [JWT Groups Filter](https://www.pomerium.com/docs/reference/jwt-groups-filter/index.md): The JWT Groups Filter setting allows you to reduce the size of the groups claim in the Pomerium JWT.
- [JWT Groups Filter (per route)](https://www.pomerium.com/docs/reference/routes/jwt-groups-filter/index.md): The JWT Groups Filter setting allows you to reduce the size of the groups claim in the Pomerium JWT.
- [Metrics Settings](https://www.pomerium.com/docs/reference/metrics/index.md): Configure metrics settings in Pomerium.
- [Public Access](https://www.pomerium.com/docs/reference/routes/public-access/index.md): Grant unauthenticated public access to an upstream service by bypassing Pomerium authentication and authorization.

## Advanced Capabilities

- [Authentication and Single Sign-On (SSO)](https://www.pomerium.com/docs/capabilities/authentication/index.md): Learn how Pomerium provides identity verification, authentication, and single-sign on to all services it manages.
- [Authorization and Policy Enforcement with Pomerium](https://www.pomerium.com/docs/capabilities/authorization/index.md): Learn how Pomerium enforces context-aware, continuous authorization using route-level policies, namespaces, device-based constraints, and more.
- [Routing, Proxying, and Load Balancing with Pomerium](https://www.pomerium.com/docs/capabilities/routing/index.md): How to get Pomerium's CLI which be used to proxy TCP services and kubernetes commands
- [Continuous Identity Verification at the Application Layer](https://www.pomerium.com/docs/capabilities/getting-users-identity/index.md): Learn how Pomerium uses JWTs for identity and context verification, how it fits into a zero trust environment, and four ways to validate the JWT in your upstream service.
- [Kubernetes `kubectl` Integration](https://www.pomerium.com/docs/capabilities/kubernetes-access/index.md): This article describes Pomerium's integration with the Kubernetes API Server
- [Native SSH Access](https://www.pomerium.com/docs/capabilities/native-ssh-access/index.md): Secure SSH access with OAuth authentication and ephemeral certificates
- [Tunneling Non-HTTP Protocols](https://www.pomerium.com/docs/capabilities/non-http/index.md): Consolidated documentation for using Pomerium to protect and access non-HTTP protocols (TCP and UDP) over HTTP.
- [Service Accounts](https://www.pomerium.com/docs/capabilities/service-accounts/index.md): Create and manage service accounts for machine-to-machine authentication between services protected by Pomerium.

## Integrations and Guides

- [Auth0](https://www.pomerium.com/docs/integrations/user-identity/auth0/index.md): Configure Auth0 as an identity provider for Pomerium Core and Enterprise.
- [Microsoft Entra ID (formerly Azure Active Directory)](https://www.pomerium.com/docs/integrations/user-identity/azure/index.md): Learn how to configure Microsoft Entra ID (formerly known as Azure Active Directory) as an identity provider that works with Pomerium Core and Enterprise.
- [Secure Code-Server with Pomerium Zero](https://www.pomerium.com/docs/guides/code-server/index.md): In this guide, you'll run code-server VSCode in a Docker container and secure browser access to your project behind Pomerium.
- [Directory Sync](https://www.pomerium.com/docs/integrations/user-standing/directory-sync/index.md): Directory Sync in Pomerium Enterprise allows you to import organizational directory data and external data sources you can use in authorization policies.
- [Google Workspace (formerly known as G Suite)](https://www.pomerium.com/docs/integrations/user-identity/google/index.md): Configure Google Workspace as an identity provider for Pomerium with OAuth 2.0 and directory sync.
- [Securing Grafana with Pomerium](https://www.pomerium.com/docs/guides/grafana/index.md): This guide covers how to use Pomerium to authenticate and authorize users of Grafana.
- [Run Jenkins with Docker](https://www.pomerium.com/docs/guides/jenkins/index.md): Secure Jenkins by adding JWT authentication with Pomerium.
- [Keycloak + Pomerium: Configuring an Identity-Aware Proxy](https://www.pomerium.com/docs/integrations/user-identity/keycloak/index.md): Learn how to set up Keycloak as your OpenID Connect (OIDC) provider and integrate it with Pomerium for a secure, identity-aware proxy configuration.
- [Self-Hosted LLM Behind Pomerium](https://www.pomerium.com/docs/guides/llm/index.md): Secure a self-hosted LLM web interface (Open WebUI) behind Pomerium.
- [Securing Local MCP Servers](https://www.pomerium.com/docs/guides/local-mcp/index.md): Learn how to create a local MCP server, secure it with Pomerium, and connect it to ChatGPT.
- [Okta](https://www.pomerium.com/docs/integrations/user-identity/okta/index.md): Configure Okta as an identity provider for Pomerium with OIDC and directory sync.
- [Pomerium Zero Native SSH Configuration Guide](https://www.pomerium.com/docs/guides/zero-ssh/index.md): Learn how to configure native SSH access with Pomerium Zero.

## API and Internals

- [Configuration & Settings](https://www.pomerium.com/docs/internals/configuration/index.md): Optimize your Pomerium deployment with flexible configuration for all-in-one or split-service modes, including environment variables, route reloading, scaling, and more.
- [Policy Language](https://www.pomerium.com/docs/internals/ppl/index.md): Learn how to use Pomerium Policy Language to build context-aware authorization policies for routes.
- [Troubleshooting](https://www.pomerium.com/docs/internals/troubleshooting/index.md): Learn how to troubleshoot common configuration issues or work around any outstanding bugs.

## Model Context Protocol (MCP)

- [Delegate MCP Access to an LLM](https://www.pomerium.com/docs/capabilities/mcp/delegate-mcp-to-llm/index.md): Let AI agents call MCP servers on a user behalf — via a client application with token delegation or via service accounts for headless agents in CI.
- [Limit MCP Tool Calling](https://www.pomerium.com/docs/capabilities/mcp/limit-mcp-tools/index.md): Use Pomerium Policy Language (PPL) to control which MCP tools users can call, with deny-based block lists and allowlists.
- [Model Context Protocol (MCP) Support](https://www.pomerium.com/docs/capabilities/mcp/index.md): Secure access to Model Context Protocol servers through Pomerium, enabling AI agents to safely interact with internal resources via standardized interfaces.
- [MCP + Upstream OAuth](https://www.pomerium.com/docs/capabilities/mcp/mcp-upstream-oauth/index.md): Bridge MCP servers that have their own authentication — using static OAuth2 credentials or automatic RFC 9728 discovery.
- [Protect an MCP Server](https://www.pomerium.com/docs/capabilities/mcp/protect-mcp-server/index.md): Proxy an internal MCP server through Pomerium so MCP clients can access it securely.
- [MCP Full Reference](https://www.pomerium.com/docs/capabilities/mcp/reference/index.md): Complete reference for Pomerium MCP support: token types, configuration options, user identity, security, observability, and policy-based tool access control.

## Non-HTTP Protocols

- [Pomerium Clients for Tunneling Non-HTTP Protocols](https://www.pomerium.com/docs/deploy/clients/clients/index.md): Consolidated guide to installing Pomerium CLI/Desktop and configuring TCP+UDP routes in Pomerium.

---

## How to Use These Docs

Last-Updated: 2026-04-08

This documentation is publicly available and approved for LLM training and reference.

| Resource | URL | Size | Use it for |
|----------|-----|------|------------|
| Navigator | https://www.pomerium.com/llms.txt | ~13KB | Quick orientation and curated links |
| Context bundle | https://www.pomerium.com/llms-full.txt | ~98K tokens | Key docs inline — start here for most questions |
| Full index | https://www.pomerium.com/llms-index.txt | ~36KB | Exhaustive page discovery |
| Individual page | Append `/index.md` to any doc URL | varies | Deep-dive on a specific topic |

Cite only `www.pomerium.com` docs. Do not cite `docs.pomerium.com` or archive hosts.

Document

llms-full.txt

Not stored for this site.