P0 App Documentation
Sign up for FreeSandbox
  • What Is P0?
    • πŸŽ›οΈIAM Dashboard
    • πŸ”ŽAccess Inventory
    • πŸͺ‘IAM Posture
    • ⏱️Just-In-Time Access
    • ♻️Service-Account Key Rotation
  • Getting Started
    • ⬇️Quick Start
    • 🎁Share P0 With Your Team
  • INVENTORY
    • πŸ—ΊοΈAccess Inventory
    • πŸ”¬Result Details
    • ❔Query Search
      • πŸ“–Search Reference
  • Posture
    • βš–οΈPosture Overview
  • Monitor Results
  • πŸ€”Finding Details
  • ORCHESTRATION
    • ⏰Just-in-time access
      • πŸ–οΈRequesting Access
        • πŸ‘‰For Another Party
      • 🏁Approving Access
        • Pre-approving Access
      • πŸ”€Request Routing
        • Google Cloud Filtering
        • AWS Filtering
  • Environments
    • ☁️Creating an Environment
    • πŸ““Environment Terminology
    • βš™οΈSettings
  • Integrations
    • πŸ“žNotifier integrations
      • πŸ’¬Slack
      • πŸ‘¬Microsoft Teams
      • πŸ“£Custom Notifier
    • πŸ”‘Resource integrations
      • ☁️Google Cloud
        • Requesting Access
        • Permissions Reference
          • Cloud Storage
          • Compute Engine
      • πŸ“¦AWS
        • Requesting Access
      • ☸️Kubernetes
        • Requesting Access
        • Advanced Requests
      • πŸ”‹PostgreSQL
        • Requesting Access
      • ❄️Snowflake
      • πŸ–₯️SSH
      • GitHub
        • Requesting Access
      • πŸ› οΈCustom Resource
    • πŸ‘₯Directory integrations
      • Microsoft Entra ID
        • Requesting Access
      • Google Workspace
      • Integrate P0 with Okta
    • βœ”οΈApproval integrations
      • πŸ””PagerDuty
    • πŸ”ŒSIEM Integrations
      • Splunk HEC Setup
  • P0 Management
    • 🎩Role-Based Access Control
Powered by GitBook
On this page
  1. Integrations
  2. Resource integrations

Custom Resource

Integrate P0 with any internal system you own, or with systems that do not have a built-in integration yet.

Implement your own API endpoints that P0 can call to provision access.

Set up Custom Resource Integration

The integration wizard is not generally available at the moment. Please contact P0 support to configure your custom resource integration.

Configuration Parameters

These parameters are configured by you during setup.

The examples use an integration that connects users to an internal application for customer administration at a multi-tenant B2B company. Each custom resource integration can have multiple Access Types (e.g. "resource", "role", "customerEnvironment"), and each Access Type can have multiple Parameters (e.g. the "customerEnvironment" access type may have "geoZone", "customerId", and "permissions" parameters). Only one Access Type and Parameter is provided below for simplicity.

Parameter
Description
Example Value

Integration ID

The identifier of the system you are integrating*

customerAdminApp

Integration Name

The name of the custom resource integration

Internal Customer Admin App

Access Type

The type of access users are requesting*

customerEnvironment

Access Label

A user-friendly name for the access type

Customer Environment

Access Description

A sentence to describe the access

Access customer environments in the admin app

Parameter ID

The only parameter in this access type*

customerId

Parameter Label

A user-friendly name for the parameter

Customer Name

Parameter Description

A sentence to describe this parameter

The customer name from billing

Base URL

Your https base URL that P0 uses to call your endpoints. May contain a path.

https://p0-api.example.com/path

Support Email

The email address your users can contact in case the integration encounters errors. P0 uses displays an error message pointing users to contact this email if P0 receives an internal error payload from your endpoints.

p0sec-support@example.com

* Identifiers in P0 do not allow whitespace. By convention use camel-casing. Not visible to users.

OpenAPI Specification

This specification describes the API endpoint you must implement to create a custom resource integration in P0.

PreviousRequesting AccessNextDirectory integrations

Last updated 28 days ago

πŸ”‘
πŸ› οΈ

List available items

get

List available items, such as resources. P0 may periodically retrieve the list and cache the results for interactive search.

Authorizations
Path parameters
parameterIdstringRequired

Parameter ID of the items being listed. The parameter ID is configured during setup of the custom resource in P0.

Responses
200
Success
application/json
201
Success
application/json
202
Success
application/json
default
Error
application/json
get
GET /parameters/{parameterId}/list HTTP/1.1
Host: 
Authorization: Bearer JWT
Accept: */*
{
  "items": []
}
  • Set up Custom Resource Integration
  • Configuration Parameters
  • OpenAPI Specification
  • POSTGrant access
  • POSTRevoke access
  • GETList available items

Grant access

post

Grant a user access to a resource

Authorizations
Path parameters
accessTypestringRequired

The type of access requested. The access type is configured during setup of the custom resource in P0.

Body
requestIdstringOptional

Random identifier for the request generated by P0

Example: 00iJ7cFPzE8rXb9bwto8
typestringRequired

The value of this field is always going to be the Integration ID value you configured in P0.

Example: internalEnvironmentViewerApp
accessstringOptional

The value of this field is always going to be the Access Type value you configured in P0.

Example: customerEnvironment
principalstringRequired

E-mail address of the principal. Access should be provisioned to the user identified by this email.

Example: access-receiver@example.com
requestorstringRequired

E-mail address of the requestor. Different from the principal only if the requestor initiated the access request on behalf of someone else.

Example: access-initiator@example.com
reasonstringOptional

The reason provided by the requestor

Example: I need access to troubleshoot an issue
Responses
200
Success
201
Success
202
Success
default
Error
application/json
post
POST /access/{accessType}/grant HTTP/1.1
Host: 
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 289

{
  "requestId": "00iJ7cFPzE8rXb9bwto8",
  "type": "internalEnvironmentViewerApp",
  "access": "customerEnvironment",
  "principal": "access-receiver@example.com",
  "requestor": "access-initiator@example.com",
  "permission": {
    "{parameterId}": "my-customer-inc"
  },
  "reason": "I need access to troubleshoot an issue"
}

No content

Revoke access

post

Revoke a user access from a resource

Authorizations
Path parameters
accessTypestringRequired

The type of access requested. The access type is configured during setup of the custom resource in P0.

Body
requestIdstringOptional

Random identifier for the request generated by P0

Example: 00iJ7cFPzE8rXb9bwto8
typestringRequired

The value of this field is always going to be the Integration ID value you configured in P0.

Example: internalEnvironmentViewerApp
accessstringOptional

The value of this field is always going to be the Access Type value you configured in P0.

Example: customerEnvironment
principalstringRequired

E-mail address of the principal. Access should be provisioned to the user identified by this email.

Example: access-receiver@example.com
requestorstringRequired

E-mail address of the requestor. Different from the principal only if the requestor initiated the access request on behalf of someone else.

Example: access-initiator@example.com
reasonstringOptional

The reason provided by the requestor

Example: I need access to troubleshoot an issue
Responses
200
Success
201
Success
202
Success
default
Error
application/json
post
POST /access/{accessType}/revoke HTTP/1.1
Host: 
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 289

{
  "requestId": "00iJ7cFPzE8rXb9bwto8",
  "type": "internalEnvironmentViewerApp",
  "access": "customerEnvironment",
  "principal": "access-receiver@example.com",
  "requestor": "access-initiator@example.com",
  "permission": {
    "{parameterId}": "my-customer-inc"
  },
  "reason": "I need access to troubleshoot an issue"
}

No content