Custom Resource

The Custom Resource integration is designed to let you securely manage access to external or on-premise applications. Whenever a user is granted or revoked access through P0, your configured endpoint will be invoked automatically — giving you full control over how that access is provisioned or removed in your own systems.

The Custom Resource integration leverages AWS Lambda or Google Cloud Run to invoke your external applications securely and flexibly. This approach offers several key advantages:

• No credentials to manage: Authentication is handled via IAM or identity tokens, so there's nothing to rotate or store.

• Full control: You can filter, transform, or enrich the data before it reaches your downstream systems.

• Easier debugging: Logs live in your cloud environment, making it easy to trace, monitor, and troubleshoot.

• Zero infrastructure lock-in: Use any language or runtime your service supports — it's just a web endpoint.

• Scales with your needs: Cloud-native scaling handles bursty workloads without pre-provisioning.

Both deployment methods will receive the same standardized event payload, as defined by our OpenAPI specification. This makes it easy to reuse the same logic across environments or switch providers later with minimal effort.

Set up Custom Resource Integration

Configuration Parameters

These parameters are configured by you during setup.

The examples use an integration that connects users to an internal application for customer administration at a multi-tenant B2B company.

* Identifiers in P0 do not allow whitespace. By convention use camel-casing. Not visible to users.

OpenAPI Specification

This specification describes the API endpoint you must implement to create a custom resource integration in P0.