Skip to main content
All CollectionsTemplatesIntermediate
Just-in-time access to Group Membership in Entra ID (ex-Azure AD) - Workflow Template
Just-in-time access to Group Membership in Entra ID (ex-Azure AD) - Workflow Template

Trigger on a Slack command where a user asks for temporary access to applications based on group membership via Entra ID with approval.

Updated over a week ago

This Torq workflow template provides an automated process for granting just-in-time (JIT) access to group memberships via Entra ID upon receiving a Slack command. The workflow ensures secure identity and access management by verifying the user's current group memberships, determining eligibility for JIT access, and seeking approval through a designated Slack channel. Once access is approved, the workflow temporarily adds the user to the specified group and, after the agreed duration, revokes the access, maintaining stringent access control compliance.

Trigger

Slack

Use Cases

Identity and Access Management

Workflow Breakdown

  1. Receive a Slack command to trigger a temporary access request

  2. Pull groups that the user has access to and compare to JIT groups setup in the variable

  3. Ask user which group they would like access to and for how long

  4. Send access approval request to a Slack channel of approvers with details

  5. If access is approved, add user to the group in Entra ID, wait and then remove the user from the group

  6. If access is rejected or request times out, notify user about verdict

Vendors

Slack, Utils, Microsoft Azure AD, Microsoft 365

Tips

  • Configure the Slack channel and Entra ID groups in the "Workflow Context" variable step.

  • Pick a Slack command to use, this example uses JIT-Request to call the workflow in Slack.

Did this answer your question?