Skip to main content
All CollectionsTemplatesIntermediate
Just-in-time access to Group Membership in PingOne - Workflow Template
Just-in-time access to Group Membership in PingOne - Workflow Template

Trigger on a Slack command where a user asks for temporary access to resources based on group membership via PingOne with approval.

Updated over a week ago

This Torq workflow template, named "Just-in-time access to Group Membership in PingOne," automates the process of granting temporary access to resources within an organization. The workflow is triggered by a Slack command, followed by a series of checks and requests to manage user access via PingOne. It allows users to request access to specific groups, for a set period of time, which then requires approval from a designated Slack channel. If approved, the user is added to the requested group in Azure AD and subsequently removed after the specified duration. This workflow streamlines identity and access management, enhancing security and efficiency.

Trigger

Slack

Use Cases

Identity and Access Management

Workflow Breakdown

  1. Receive a Slack command to trigger a temporary access request

  2. Pull groups that the user has access to and compare to JIT groups setup in the variable

  3. Ask user which group they would like access to and for how long

  4. Send access approval request to a Slack channel of approvers with details

  5. If access is approved, add user to the group in Azure AD, wait and then remove the user from the group

  6. If access is rejected or request times out, notify user about verdict

Vendors

Slack, Utils, PingOne

Tips

Configure the Slack Channel and PingOne groups in the \"Workflow Context\" variable step.","Pick a Slack command to use, this example uses \"JIT-Ping\" to call the workflow in Slack

Did this answer your question?