Ephemeral Access

Ephemeral Access grants temporary access to specific users or Groups within a defined time window. In the Admin Console, you configure it through the Set Expiration option on a Group’s access to a Resource. Once set, the Group displays an Expires [date] pill, and when the expiration is reached the Group is automatically removed from the Resource. Users in that Group lose access at that point.

Configuring Ephemeral Access

You can configure Ephemeral Access from either a Resource or Group page. The expiration time can be set to any point from one hour to one year from the current date.

Changes to expiration times appear in the Access category of the audit logs in the Admin Console.

From a Resource Page

When granting access to a new Group, click Set Expiration in the access configuration to open the date picker. Choose a date and time, click Set Expiration Time to apply, then click Grant Access to finish adding the Group. The Group’s row will then display an Expires [date] pill.

To set or modify an expiration on a Group that already has access, click the options menu on the Group’s row and select Set Expiration. The same date picker appears, and you can use the Remove Expiration link inside it to clear an existing expiration without removing the Group’s access.

From a Group Page

From a Group’s detail page, the same patterns apply. When adding a new Resource to the Group, click Set Expiration in the access configuration. For Resources the Group already has access to, use the options menu to access Set Expiration. Resources with an active expiration display the Expires [date] pill.

When to Use Ephemeral Access

Common use cases include projects with a defined end date, contractor engagements with a fixed duration, and “break glass” scenarios where a team requires access to a sensitive Resource for a limited time.