Sign up for FreeKnowledge Base

⬇️Getting Started with Just-in-Time Access

This guide provides the following sections to help you get up and running with P0's Just-in-time access:

  1. Set up an Account and an Security Reviewer

  2. Install P0 on an IAM Resource

  3. Make Your First Access Request

This process takes about 15 minutes.

This document uses the following terms:

  • Requestor: Person who requests access to a resource via P0's Slack bot.

  • Approver: Person who approves these access requests via P0's Slack bot.

Set up an Account and a Security Reviewer

To create your P0 account and set up an approver to approve access requests:

  1. Create a free P0 account at https://p0.app/create-account. All you need is an email address.

  2. Set up a cloud integration through the guided onboarding flow (select Just-in-time Access). You may skip this step and instead follow the instructions to install a resource in the next step.

  3. Once you've completed the onboarding, under P0 Management, add one or more "Security Reviewers". Security Reviewers will be able to approve access requests.

To further configure access request requestors, approvers, or modify settings such as the ability to approve your own access requests, navigate to "Just-in-time" and select the "Routing" tab (or go to https://p0.app/o/<your organization>/jit/routing ). You may edit the existing default rule or create new rules.

Install P0 on an IAM Resource

If you already configured a resource as part of the guided onboarding, you may skip this step. Otherwise, you will need to install an IAM resource to which users can request Just-in-time access.

To do this, navigate to Integrations and select the integration you wish to install from the list of "Resource" integrations.

Once you have selected a resource, follow the instructions in the app to provide P0 with permissions to grant and revoke access on that resource via the IAM Management installation. For more information, follow one of the resource-specific installation guides below.

☁️Google Cloud📦AWS❄️Snowflake☸️Kubernetes🔋PostgreSQL

Make your First Access Request

Once you've set up P0, you can make your first access request. You can try this out entirely on your own, if you enabled one-party approvals in Set up an Account and a Security Reviewer above. Otherwise, grab a colleague to help you, and designate one person as the requestor and the other as the approver:

  • You can use the P0 Security Command-line Interface (CLI) as an alternate method to request permissions, and then approve using the P0 website app.

  • P0 is in the process of adding additional IAM request methods, including a Microsoft Teams bot.

  1. Navigate to any page under Just-in-time https://p0.app/o/<your organization>/jit/activity and click the Request Access button in the top right

  1. Populate the request details. For example:

  1. The approver will be able to see the request under the Just-in-time Activity page under the Pending section

    After a few moments, the access requestor will receive a notification in the p0-requests channel that access was granted.

Most IAM systems have a delay of around 10 to 30 seconds after access is configured before access propagates to the resource and usage is enabled.

  1. Once the access propagates to the resource, the request will progress to the Active section.

Access automatically ends after the expiration period is over, or when the requestor clicks the Relinquish button in their P0 DM.

What's Next

If you run into any issues, please reach out to [email protected] for assistance. We're here to help!

Now that you can make access requests, you can:

PreviousService-Account Key RotationNextGetting Started with Inventory & Posture

Last updated