1. Planning.

• Assessment
  Start by identifying the individuals in need of access, the resources they require, and the reasons behind these needs. Review the current access rights and consider whether they can be minimized or even removed. For improved visibility, consider the use of an entitlement discovery tool.
• Policy creation
  Develop clear-cut policies outlining the procedures for granting and revoking access. These policies should outline who is allowed to request access, the conditions under which access can be granted, and the permitted duration of access. Establish time-bound parameters, especially for privileged roles.
• Source of truth
  Link your JIT access system with an Identity Provider (e.g., Okta, Google Workspace, Azure AD, OneLogin). This will serve as your definitive source for user identities. Prioritize individual identities over shared accounts for enhanced control over authorization and improved audit accuracy.

2. Execution.

• Self-serve access requests
  Streamline the access process by having users request access directly through the system, not through individuals. Promote adoption rates by integrating with IM platforms like Slack or MS Teams. Ensure that requests clearly detail who's asking, their required service/resource/role, the duration, and the reason for the request.

• Approval process
  JIT access enables organizations to assign approval responsibilities to those with the appropriate business context. Messaging platforms may speed up response times, providing approvers with all the necessary information for making informed decisions.

• Conditional approval workflows
  Implement your established policies into workflows that govern access permissions, determining who gets access to what, and under which conditions. This can be effectively done using if-then conditions.

• Integrations
  Consider integrating JITA with other IT and security systems, such as IT ticketing systems for automated access based on ticket status, data classification systems for tailored policies based on data sensitivity, and on-call schedule software for automated approvals during emergencies.
• Automated provisioning and deprovisioning
  Familiarize yourself with Lattice to efficiently grant and revoke fine-grained access automatically within the service. This is crucial for JIT Access since it lessens the dependence on human intervention and aids in automated deprovisioning of access, a key feature of JIT access and the principle of least privilege access (POLP).
• Access methods
  For Lattice JIT Access, APIs are a preferred choice given their flexibility and real-time capabilities. However, a blend of methods such as SAML for authentication, SCIM for user provisioning, and APIs for precise access control decisions may be required.

3. Maintenance.

• Regular audits
  Conduct routine checks of access logs to confirm that the JIT access is functioning as intended. Be on the lookout for any abnormal patterns or behaviors.
• User training
  Conduct regular training sessions for users, particularly those with privileged access, on the importance of least privilege, JIT Access, and its operation.
• Feedback loop
  Consistently review your JIT access procedures by seeking feedback from users and IT staff to understand where improvements can be made.

By adhering to this structured approach, you will be able to effectively implement a robust Just-in-Time Access system for Lattice.