β¬οΈQuick Start
Last updated
Last updated
This guide will take you through creating your account, installing P0 in your organization, and making your first just-in-time access request.
Setting up P0 for your first just-in-time access grant generally takes about 15 minutes.
In order to set up P0, you'll need some admin privileges, or have someone available who has them:
The ability to install a Slack App
Privileges to create roles (or policies in AWS), and grant privileges, on at least one IAM resource (one of AWS, Google Cloud, or Snowflake)
To get started, first create a P0 account at p0.app/create-account. Creating an account, and using P0, is free. All you need is an email address.
Once you've created an account, add one or more access-request approvers under "Settings":
If you want approvers to be able to approve their own requests, enable "one-party approvals" as well.
Follow the Slack set-up instructions to install P0 on your Slack:
Now set up P0 on an IAM resource. Follow one of the three guides below:
Now that you've set up P0, make your first access request. If you enabled one-party approvals in "Configure an access approver" above, you can try this out entirely on your own. Otherwise, grab a colleague to help you:
Ask your colleague to run /p0 request
in Slack. Have them fill out request details. For example:
You should receive a notification in the Slack channel on which you installed P0. Go to this channel, choose an expiration, and click "Approve".
After a few moments, your colleague should receive a notification that their access was granted.
Most IAM systems have a delay of around 10 to 30 seconds after access is configured before the access may be used.
Have your colleague wait about ten seconds for access to propagate through the resource, then ask them to validate that their access works.
Your colleague's access will automatically expire after the expiration period is over. Or, they can click the "Relinquish" button in their P0 DM.
If you run into trouble, please reach out to support@p0.dev
for assistance. We're here to help!
After you've gotten started with access requests, you can:
Connect P0 to your directory.
Add auto approvals.
Run an IAM audit.
Route, automatically approve, and automatically deny requests based on the requestor and resource.