Skip to main content
All CollectionsTemplatesBasic
Just-In-Time Access to Group Membership in Active Directory - Workflow Template
Just-In-Time Access to Group Membership in Active Directory - Workflow Template

Trigger on a Slack command where a user asks for temporary access to a group in Active Directory with approval from a Slack channel.

Updated over a week ago

This Torq workflow template enables businesses to streamline temporary access requests for their employees through a Slack-triggered workflow. Users can request Just-In-Time (JIT) access to specific groups within Active Directory. The workflow reviews user group memberships, obtains access approval through a designated Slack approval channel, and then grants temporary group access in Azure AD accordingly. Access is automatically revoked after an approved duration, ensuring optimal security and compliance.

Trigger

Slack

Use Cases

Identity and Access Management

Workflow Breakdown

  1. Receive a Slack command to trigger a temporary access request

  2. Pull groups that the user has access to and compare to JIT groups setup in the variable

  3. Ask user which group they would like access to and for how long

  4. Send access approval request to a Slack channel of approvers with details

  5. If access is approved, add user to the group in Azure AD, wait and then remove the user from the group

  6. If access is rejected or the request times out, notify the user about verdict

Vendors

Slack, Utils, Microsoft Active Directory

Workflow Output

Temporary group membership in Active Directory

Tips

If required, setup a Torq step runner to access an internal Active Directory server

Did this answer your question?