Skip to main content
All CollectionsTemplatesIntermediate
Just-in-time access to Group Membership in AzureAD - Workflow Template
Just-in-time access to Group Membership in AzureAD - Workflow Template

Trigger on a Slack command where a user asks for temporary access to applications based on group membership via Azure AD with approval.

Updated over a week ago

This workflow template allows users to request temporary, just-in-time access to specific Azure AD groups via a Slack command. With built-in approval mechanisms, the request is reviewed in a designated Slack channel, and, if approved, the user is temporarily added to the Azure AD group. Access is automatically revoked after the specified time, ensuring secure and compliant identity and access management.

Trigger

Slack

Use Cases

Identity and Access Management

Workflow Breakdown

  1. Receive a Slack command to trigger a temporary access request

  2. Pull groups that the user has access to and compare to JIT groups setup in the variable

  3. Ask user which group they would like access to and for how long

  4. Send access approval request to a Slack channel of approvers with details

  5. If access is approved, add user to the group in Azure AD, wait and then remove the user from the group

  6. If access is rejected or request times out, notify user about verdict

Vendors

Slack, Utils, Microsoft Azure AD, Microsoft 365

Tips

Configure the Slack channel and Azure AD groups in the \"Workflow Context\" variable step.","Pick a Slack command to use, this example uses JIT-Request to call the workflow in Slack

Did this answer your question?