Just-in-time access to Group Membership in AzureAD by TEAMS - Workflow Template

Triggers on a Teams command where a user asks for temporary access to applications based on group membership via Azure AD with approval.


The "Just-in-time access to Group Membership in AzureAD by TEAMS" workflow enables secure, temporary access to Azure AD groups based on Teams commands. Ideal for Identity and Access Management, it streamlines requests by pulling the user's existing group memberships, comparing them to the configured JIT groups, and letting the user select the access duration. Approval is sought via a Teams channel; if it is granted, the user is added to the Azure AD group for the specified time and then automatically removed, enhancing security compliance.

Trigger

Microsoft Teams Bot

Use Cases

Identity and Access Management

Workflow Breakdown

  1. Receive a Teams command to trigger a temporary access request

  2. Pull the groups that the user has access to and compare them to the JIT groups set up in the "Workflow Context" variable

  3. Ask the user which group they would like access to and for how long

  4. Send an access approval request with details to a Teams channel of approvers

  5. If access is approved, add the user to the group in Azure AD, wait for the specified time, and then remove the user from the group

  6. If access is rejected or the request times out, notify the user of the verdict
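
The decision logic of steps 2 to 6, sketched in Python as an added example (not the template's own implementation). The group names, the in-memory directory standing in for Azure AD, the duration cap, and the reading of step 2 as "offer only JIT groups the user does not already belong to" are assumptions.

```python
# Added illustration of the workflow's decision logic; not the template's own code.
# Group names, users and the in-memory "directory" are constructed sample data.
from dataclasses import dataclass, field

JIT_GROUPS = {"app-finance-admins", "app-prod-db-readers"}  # hypothetical "Workflow Context" value
MAX_MINUTES = 240  # assumed cap on the requested duration (not stated on the page)

@dataclass
class Directory:
    """Stand-in for Azure AD group membership: group name -> set of users."""
    members: dict = field(default_factory=dict)

    def groups_of(self, user):
        return {g for g, users in self.members.items() if user in users}

    def add(self, user, group):
        self.members.setdefault(group, set()).add(user)

    def remove(self, user, group):
        self.members.get(group, set()).discard(user)

def requestable_groups(directory, user):
    # Step 2: only groups configured for JIT, minus ones the user already holds.
    return sorted(JIT_GROUPS - directory.groups_of(user))

def handle_request(directory, user, group, minutes, verdict, now):
    """Steps 3-6. verdict is 'approved', 'rejected' or 'timeout'.
    Returns (message_to_user, expiry_epoch_seconds_or_None)."""
    if group not in requestable_groups(directory, user):
        return f"{group} is not available for JIT access", None
    if not 0 < minutes <= MAX_MINUTES:
        return f"duration must be 1-{MAX_MINUTES} minutes", None
    if verdict != "approved":  # rejection and timeout both fail closed
        return f"request for {group}: {verdict}", None
    directory.add(user, group)
    return f"access to {group} granted for {minutes} min", now + minutes * 60

def expire(directory, user, group, expiry, now):
    # Step 5's removal: revoke once the approved window has passed.
    if expiry is not None and now >= expiry:
        directory.remove(user, group)
        return True
    return False
```

Checking the chosen group against the configured JIT list again at request time keeps a crafted reply from naming a group outside the allow-list.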

Vendors

Utils, Microsoft Azure AD, Microsoft 365, Microsoft Teams Bot

Tips

  • Configure Teams channel and Azure AD groups in the "Workflow Context" variable step.

  • Pick a Teams command to use; this example uses JIT-Request to call the workflow.
