β¬οΈQuick Start
This guide will take you through creating your account, installing P0 in your organization, and making your first just-in-time access request.
Setting up P0 for your first just-in-time access grant generally takes about 15 minutes.
What you'll need
In order to set up P0, you'll need some admin privileges, or have someone available who has them:
The ability to install a Slack App
Privileges to create roles (or policies in AWS), and grant privileges, on at least one IAM resource (one of AWS, Google Cloud, or Snowflake)
Create an account
To get started, first create a P0 account at p0.app/create-account. Creating an account, and using P0, is free. All you need is an email address.
Configure an access approver
Once you've created an account, add one or more access-request approvers under "Settings":
If you want approvers to be able to approve their own requests, enable "one-party approvals" as well.
Install the Slack App
Follow the Slack set-up instructions to install P0 on your Slack:
π¬pageSlackInstalling an IAM resource
Now set up P0 on an IAM resource. Follow one of the three guides below:
βοΈpageGoogle Cloudπ¦pageAWSβοΈpageSnowflakeMake your first access request
Now that you've set up P0, make your first access request. If you enabled one-party approvals in "Configure an access approver" above, you can try this out entirely on your own. Otherwise, grab a colleague to help you:
Ask your colleague to run
/p0 requestin Slack. Have them fill out request details. For example:
You should receive a notification in the Slack channel on which you installed P0. Go to this channel, choose an expiration, and click "Approve".
After a few moments, your colleague should receive a notification that their access was granted.
Most IAM systems have a delay of around 10 to 30 seconds after access is configured before the access may be used.
Have your colleague wait about ten seconds for access to propagate through the resource, then ask them to validate that their access works.
Your colleague's access will automatically expire after the expiration period is over. Or, they can click the "Relinquish" button in their P0 DM.
What's next
If you run into trouble, please reach out to support@p0.dev for assistance. We're here to help!
After you've gotten started with access requests, you can:
Connect P0 to your directory.
Add auto approvals.
Run an IAM audit.
Route, automatically approve, and automatically deny requests based on the requestor and resource.
Last updated
