This workflow template enables automated just-in-time (JIT) access to Azure AD groups through Microsoft Teams commands. It allows users to request temporary access to specific groups for a specified duration. Approvers in a designated Teams channel can grant or deny the access request. If granted, access is provided for the user-determined time frame, after which the user is automatically removed from the group, ensuring a secure and efficient identity and access management process.
Trigger
Microsoft Teams Bot
Use Cases
Identity and Access Management
Workflow Breakdown
Receive a Teams command to trigger a temporary access request
Pull the groups that the user has access to and compare them to the JIT groups set up in the variable
Ask user which group they would like access to and for how long
Send access approval request to a Teams channel of approvers with details
If access is approved, add the user to the group in Azure AD, wait, and then remove the user from the group
If access is rejected or the request times out, notify the user about the verdict
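The breakdown above, modelled offline as an added example (not part of the template and not the vendor's code). The group names, the in-memory Directory class and the function names are hypothetical stand-ins for Azure AD and the workflow steps, and offering only JIT groups the user is not already in is an assumption.

```python
from dataclasses import dataclass, field

# Constructed sample data: placeholder names for the groups configured as JIT-eligible.
JIT_GROUPS = {"jit-prod-db-admins", "jit-billing-readers"}


@dataclass
class Directory:
    """In-memory stand-in for the group membership store (hypothetical)."""
    members: dict = field(default_factory=dict)  # group name -> set of users
    audit: list = field(default_factory=list)    # ordered (action, user, group)

    def groups_of(self, user):
        return {g for g, m in self.members.items() if user in m}

    def add(self, user, group):
        self.members.setdefault(group, set()).add(user)
        self.audit.append(("add", user, group))

    def remove(self, user, group):
        self.members.get(group, set()).discard(user)
        self.audit.append(("remove", user, group))


def requestable_groups(directory, user):
    # Assumption: only JIT groups the user is not already in are offered.
    return sorted(JIT_GROUPS - directory.groups_of(user))


def handle_request(directory, user, group, minutes, verdict, wait):
    """verdict: 'approved', 'rejected' or None (approval request timed out).
    wait: callable that blocks for the granted duration (injected for testing)."""
    if group not in requestable_groups(directory, user):
        return "not-requestable"  # re-check the group; never trust the chat input
    if verdict != "approved":
        return "timed-out" if verdict is None else "rejected"  # fail closed
    directory.add(user, group)
    try:
        wait(minutes)
    finally:
        # Removal runs even if the wait step fails, so access cannot linger.
        directory.remove(user, group)
    return "expired"
```

The audit list gives a record to reconcile against the directory's own logs: every "add" entry should be followed by a matching "remove".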
Vendors
Utils, Microsoft Azure AD, Microsoft 365, Microsoft Teams Bot
Tips
Configure the Teams channel and Azure AD groups in the "Workflow Context" variable step.
Pick a Teams command to use; this example uses JIT-Request to call the workflow.