Just-In-Time Access Management for Power Platform
Power Apps
May 31, 2023 9:11 AM


by HubSite 365 about Jens Christian Schrøder

Principal Program Manager at Power Platform Customer Advisory Team

Citizen Developer, Power Apps, M365 Hot News

Allow Makers to request Just-In-Time access to Power Platform Environments based on configured Access Profiles.

More about Just-In-Time Access Management for Power Platform

"A common challenge when managing Power Platform at scale is following the principle of least privilege. Ideally, users should not have access to environments unless required. This is especially important for environments hosting business critical solutions and/or sensitive data.
The JIT Access Management solution mitigates this by allowing makers to request access to environments for a limited time. When time is up, access will automatically be revoked."

Just-In-Time Access Management for Power Platform

Just-In-Time Access Management for Power Platform is a solution that helps organizations manage access to their Power Platform environments. It enables makers to request access to environments for a limited time, and automatically revokes access when time is up. This helps organizations maintain the principle of least privilege and ensure that users only have access to environments when required, especially those hosting business critical solutions and/or sensitive data.

Installation

  1. Download the managed solution from the assets in the latest release: https://github.com/jenschristianschroder/JIT-Access-Management/releases.
  2. Import the solution into your environment.

Setup

  1. Launch the JIT Access Management Model-Driven app.
  2. Select the Setup area in the bottom left corner.
  3. Create a new JIT Access Management Setup record.
  4. Give the record a name.
  5. Enter the Tenant. This can be either the tenant ID or the domain name.
  6. Enter the Client Id of the Azure Application Registration to be used for granting and revoking access.
  7. Enter the Client Secret of the Azure Application Registration to be used for granting and revoking access.
  8. Select the JIT Access Management area in the bottom left corner.


The JIT Access Management Solution

The JIT Access Management for Power Platform solution is published as open source on GitHub. It is composed of two features: an Admin App with an interactive dashboard for a quick overview and data investigation, and an Access Profile component to configure the access policies.

The Admin App provides a centralized view of access requests and allows admins to quickly respond to requests, revoke access, and investigate access requests. The Access Profile component enables admins to configure access policies, such as the duration of access, the number of access requests allowed, and the roles and environments to which access can be granted.
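The grant lifecycle described above (request checked against an Access Profile, time-boxed grant, automatic revocation, audit trail) can be modelled in a few lines. This is an added example, not code from the JIT Access Management solution: the class names, field names, verdict strings and the sample profile are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class AccessProfile:            # hypothetical shape: one field per policy setting
    environments: frozenset     # environments this profile may grant
    roles: frozenset            # security roles this profile may grant
    max_duration: timedelta     # longest access window a maker may request
    max_requests: int           # grants allowed per user

@dataclass
class Grant:
    user: str
    environment: str
    role: str
    expires_at: datetime
    revoked: bool = False

class JitBroker:
    def __init__(self, profile):
        self.profile, self.grants, self.audit = profile, [], []

    def request(self, user, environment, role, duration, purpose, now):
        p = self.profile
        used = sum(1 for g in self.grants if g.user == user)
        if environment not in p.environments or role not in p.roles:
            verdict = "denied: outside profile scope"
        elif not timedelta(0) < duration <= p.max_duration:
            verdict = "denied: duration not allowed"
        elif used >= p.max_requests:
            verdict = "denied: request quota reached"
        else:
            self.grants.append(Grant(user, environment, role, now + duration))
            verdict = "granted"
        # Denials are audited too: who asked, when, for what, and the outcome.
        self.audit.append((now, user, f"{role}@{environment}", purpose, verdict))
        return verdict

    def has_access(self, user, environment, now):
        # Fail closed: an expired grant confers nothing even before the sweep runs.
        return any(g.user == user and g.environment == environment
                   and not g.revoked and g.expires_at > now for g in self.grants)

    def sweep(self, now):
        """Revoke every grant whose window has closed; return the revoked grants."""
        expired = [g for g in self.grants if not g.revoked and g.expires_at <= now]
        for g in expired:
            g.revoked = True
            self.audit.append((now, g.user, f"{g.role}@{g.environment}", "expired", "revoked"))
        return expired

# Constructed sample profile (environment name and limits are illustrative).
PROFILE = AccessProfile(frozenset({"prod-finance"}), frozenset({"System Customizer"}), timedelta(hours=4), 2)
```

Checking the expiry time in `has_access` as well as in `sweep` means a delayed or failed revocation job cannot silently extend access.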

What Else Should I Learn About This Product?

The JIT Access Management for Power Platform also supports delegated access management. This allows admins to delegate access management to makers, so that they can manage their own access requests without needing to access the Admin App. Additionally, the solution enables admins to set up different access policies for different roles, so that access policies can be tailored to each user's needs.

The JIT Access Management for Power Platform also offers audit logging for all access requests. This allows admins to track who requested access, when, and for what purpose. This helps admins to ensure that access is used appropriately and that users are following the access policies.

Finally, the solution is designed to be highly configurable. Admins can customize the access policies, the duration of access, the number of access requests allowed, and the roles and environments to which access can be granted. Additionally, admins can set up automated reminders to ensure that users are alerted when their access is about to expire.
