This Torq workflow template, named "Just-in-time access to Group Membership in PingOne," automates the process of granting temporary access to resources within an organization. The workflow is triggered by a Slack command, followed by a series of checks and requests to manage user access via PingOne. It allows users to request access to specific groups, for a set period of time, which then requires approval from a designated Slack channel. If approved, the user is added to the requested group in Azure AD and subsequently removed after the specified duration. This workflow streamlines identity and access management, enhancing security and efficiency.
Trigger
Slack
Use Cases
Identity and Access Management
Workflow Breakdown
Receive a Slack command to trigger a temporary access request
Pull groups that the user has access to and compare to JIT groups setup in the variable
Ask user which group they would like access to and for how long
Send access approval request to a Slack channel of approvers with details
If access is approved, add user to the group in Azure AD, wait and then remove the user from the group
If access is rejected or request times out, notify user about verdict
Vendors
Slack, Utils, PingOne
Tips
Configure the Slack Channel and PingOne groups in the \"Workflow Context\" variable step.","Pick a Slack command to use, this example uses \"JIT-Ping\" to call the workflow in Slack