# Getting Started with Just-in-Time Access

## Visual Overview

The following diagram illustrates an example Just-in-Time Access workflow at a high level.

<figure><img src="/files/mzJ7umR8GlSddWzNV5Qk" alt=""><figcaption></figcaption></figure>

## Steps to Get Started

This guide provides the following sections to help you get up and running with P0's [Just-in-time access](/orchestration/just-in-time-access.md):

1. [Set up an Account and an Security Reviewer](#set-up-an-account-and-a-security-reviewer)
2. [Install P0 on an IAM Resource](#install-p0-on-an-iam-resource)
3. [Make Your First Access Request](#make-your-first-access-request)

{% hint style="info" %}
This process takes about 15 minutes.
{% endhint %}

{% hint style="info" %}
This document uses the following terms:

* **Requestor:** Person who requests access to a resource via P0's Slack bot.
* **Approver:** Person who approves these access requests via P0's Slack bot.
  {% endhint %}

## Set up an Account and a Security Reviewer

To create your P0 account and set up an approver to approve access requests:

1. Create a free P0 account at[ https://p0.app/create-account](https://p0.app/create-account). All you need is an email address.
2. Set up a cloud integration through the guided onboarding flow (select **Just-in-time Access)**. You may skip this step and instead follow the instructions to install a resource [in the next step.](#install-p0-on-an-iam-resource)
3. Once you've completed the onboarding, under **P0 Management**, add one or more "Security Reviewers". Security Reviewers will be able to approve access requests.

<figure><img src="/files/5WKRruuzLbFVrtheq0sA" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
To further configure access request requesters, approvers, or change settings such as the ability to approve your own access requests, navigate to **Policy Studio** (or go to `https://p0.app/o/<your organization>/policies`). You may edit the existing default rule or create new rules.�a0
{% endhint %}

## Install P0 on an IAM Resource

If you already configured a resource as part of the guided onboarding, you may skip this step. Otherwise, you will need to install an IAM resource to which users can request Just-in-time access.

To do this, navigate to **Integrations** and select the integration you wish to install from the list of "Resource" integrations.

<figure><img src="/files/fuHXaw3vcMnGRfGQQwnP" alt=""><figcaption></figcaption></figure>

Once you have selected a resource, follow the instructions in the app to provide P0 with permissions to grant and revoke access on that resource via the **IAM Management** installation. For more information, follow one of the resource-specific installation guides below.

{% content-ref url="/pages/oOcOnLUMfBQoti6jD1po" %}
[Google Cloud](/integrations/resource-integrations/google-cloud.md)
{% endcontent-ref %}

{% content-ref url="/pages/baaaYyZ5nS00f0uGiG18" %}
[AWS](/integrations/resource-integrations/aws.md)
{% endcontent-ref %}

{% content-ref url="/pages/L3Cnca6oWCOCnTjRmkKb" %}
[Snowflake](/integrations/resource-integrations/snowflake.md)
{% endcontent-ref %}

{% content-ref url="/pages/PmNajuau9q2r5PTTC5b3" %}
[Kubernetes](/integrations/resource-integrations/kubernetes.md)
{% endcontent-ref %}

{% content-ref url="/pages/opL9OInWPk4kKaG09OCJ" %}
[PostgreSQL](/integrations/resource-integrations/postgresql.md)
{% endcontent-ref %}

## Make your First Access Request

Once you've set up P0, you can make your first access request. You can try this out entirely on your own, if you enabled one-party approvals in [Set up an Account and a Security Reviewer ](#set-up-an-account-and-a-security-reviewer)above. Otherwise, grab a colleague to help you, and designate one person as the requestor and the other as the approver:

{% hint style="info" %}

* You can use the [P0 Security Command-line Interface](https://www.npmjs.com/package/@p0security/cli) (CLI) as an alternate method to request permissions, and then approve using the P0 website app.
* P0 is in the process of adding additional IAM request methods, including a Microsoft Teams bot.
  {% endhint %}

{% tabs %}
{% tab title="Via the p0.app" %}

1. Navigate to any page under Access Management `https://p0.app/o/<your organization>/jit/activity` and click the Request Access button in the top right.

<figure><img src="/files/KQZIsDbH6r70LQPdQ5Ou" alt=""><figcaption></figcaption></figure>

2. Populate the request details. For example:

<figure><img src="/files/SBcobOoTFmtyVTgCkjTj" alt="" width="375"><figcaption></figcaption></figure>

3. The approver can see the request on the Access Management Activity page in the Pending section.

   <figure><img src="/files/OG01KaKEvTlS1n8ciShp" alt=""><figcaption></figcaption></figure>

   After a few moments, the access requestor will receive a notification in the **p0-requests** channel that access was granted.

{% hint style="warning" %}
Most IAM systems have a delay of around 10 to 30 seconds after access is configured before access propagates to the resource and usage is enabled.
{% endhint %}

4. Once the access propagates to the resource, the request will progress to the Active section.

<figure><img src="/files/gsiAJEtdHmhJTGoZLyoz" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Access automatically ends after the expiration period is over, or when the requestor clicks the **Relinquish** button in their P0 DM.
{% endhint %}
{% endtab %}

{% tab title="Via Slack" %}

1. Have the requestor open Slack, navigate to the **p0-requests** channel, and enter `/p0 request` in the Slack channel:

<figure><img src="/files/XtpKX2s78kuSbbc9WlhE" alt="" width="376"><figcaption></figcaption></figure>

2. Populate the request details. For example:

   <figure><img src="/files/NhHbetPl3twqgkS6D8R5" alt="" width="375"><figcaption></figcaption></figure>
3. The approver should receive a Slack notification via a DM from **P0 Security**. Navigate to that DM chat, choose an expiration, and click **Approve**.

   <figure><img src="/files/A3eajWgPoWRMT3QRRPuv" alt="" width="563"><figcaption></figcaption></figure>

   After a few moments, the access requestor will receive a notification in the **p0-requests** channel that access was granted.

{% hint style="warning" %}
Most IAM systems have a delay of around 10 to 30 seconds after access is configured before access propagates to the resource and usage is enabled.
{% endhint %}

4. Once the access propagates to the resource, the requestor can validate the access.

{% hint style="info" %}
Access automatically ends after the expiration period is over, or when the requestor clicks the **Relinquish** button in their P0 DM.
{% endhint %}

<figure><img src="/files/UBv1bygiiaVVFR19k0uz" alt="" width="563"><figcaption></figcaption></figure>
{% endtab %}
{% endtabs %}

## What's Next

If you run into any issues, please reach out to <support@p0.dev> for assistance. We're here to help!

Now that you can make access requests, you can:

* Add [additional IAM integrations](/integrations/resource-integrations.md)
* Connect P0 to [your directory](/integrations/directory-integrations.md)
* Add [auto approvals](/integrations/approval-integrations.md)
* Start using [P0's Inventory & Posture capabilities](/getting-started/getting-started-with-inventory-and-posture.md)
* [Route, automatically approve, and automatically deny requests](/orchestration/just-in-time-access/request-routing.md) based on the requester and resource


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.p0.dev/getting-started/getting-started-with-just-in-time-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.