Sign inRequest DemoTry for free

JIT Access Requests

Audit and limit access to sensitive Resources using just-in-time approval workflows that grant temporary access on request.

JIT Access Requests provide an audited, just-in-time access workflow for all or specific Groups assigned to a Resource. Use JIT access to audit and limit access to sensitive Resources that should only require temporary access. Requests can be auto-approved or require explicit approval from an Admin or Access Reviewer.

User Experience

When Access Requests are enabled for a Group’s assignment to a Resource, users in that Group see the Resource in the Client but cannot access it. The Resource state is locked until access is approved.

Users can request access by navigating to the Resource address or selecting Authenticate from the Resource’s submenu in the Client. This opens an access request page in the browser.

The access request page that users see in the browser after selecting Authenticate on a JIT-protected Resource
The access request page that users see in the browser after selecting Authenticate on a JIT-protected Resource

If auto-approval is enabled, users can access the Resource immediately after submitting their request. If manual approval is required, the user receives an email notification once an Admin or Access Reviewer has approved or denied the request.

Configuration

Access Requests can be configured at the Resource level and within specific Group assignments. When configured at the Resource level, the settings become the default for all Group assignments. Individual Group assignments can override the Resource-level configuration.

The screenshot below shows a Resource configured for 12-hour access periods with auto-approval.

A Resource detail page showing JIT access configured for 12-hour access periods with auto-approval
A Resource detail page showing JIT access configured for 12-hour access periods with auto-approval

Two settings are available when configuring Access Requests:

  • The access period granted for successful requests
  • The approval method
Access Request settings on a Resource showing the access period and approval method options
Access Request settings on a Resource showing the access period and approval method options

Access Period

Choose a preset access period, or select Custom Request to let users specify a duration when submitting their request. Custom requests allow any duration up to 7 days.

The access period dropdown showing preset durations and the Custom Request option
The access period dropdown showing preset durations and the Custom Request option

Approval Method

Choose between manual approval or auto-approval. With manual approval, an Admin or Access Reviewer must approve each request. With auto-approval, users approve themselves but must supply a reason for access.

The approval method options showing manual approval and auto-approval
The approval method options showing manual approval and auto-approval

Tracking Access

To see configuration details and the current status of users’ access, download a summary from the Resource, Group, or User page.

The usage-based access page covers the report contents in detail.

Reviewing and Delegating Requests

Details are covered under Reviewing Access Requests.

Last updated 7 days ago