1. Planning.

• Assessment
  Start by recognizing who needs access within Leapsome, the resources they require, and why. Evaluate the current access rights and think about whether they can be reduced or eliminated. You might find a tool that uncovers entitlements helpful for gaining more transparency.
• Policy creation
  Develop clear policies for authorizing and revoking access. Craft rules on who can request access, under which conditions, and for how long. It's crucial to impute time-specific parameters, especially for privileged roles.
• Source of truth
  Synchronize your JIT access procedure with an Identity Provider (for instance, Okta, Google Workspace, Azure AD, OneLogin). This will act as a reliable source for identities. Shifting individual identities over shared accounts promises enhanced authorization control and precise audits.

2. Execution.

• Self-serve access requests
  Streamline the process by enabling users to ask for access through the system rather than through individuals. Raise the integration rates by coupling with IM platforms like Slack or MS Teams. Make sure requests include specifics such as who is asking, the necessary service/resource/role, duration, and reason.

• Approval process
  JIT access allows organizations to entrust approvals to individuals who possess a business context. Resource owners and business unit managers often have a better understanding of the circumstances than IT support. Communication platforms bring speed to responses, providing approvers with all the necessary details to make an informed decision.

• Conditional approval workflows  
  Integrate your pre-established policies into workflow systems that determine access authorizations. Include them in formulations that instruct who can access what, and under what conditions. One potent way is by applying if-then conditions like IF identity group “X” requests access to “Y”, approval must be sought from “Z” and notify “M”.

• Integrations
  ‍Integrating a JIT access system with IT and security methods can offer increased flexibility; for instance, integrating with IT ticketing systems can enable automatic access based on ticket status.
• Automated provisioning and deprovisioning
  Understanding Leapsome will improve automatic granting and revoking of access within the service. This is central to JIT Access as it reduces the need for human intervention. It ensures automatic access removal, which aligns with JIT access and the principle of least privilege access (POLP).
• Access methods
  For Leapsome JIT Access, APIs are favored due to their adaptability and real-time capabilities. However, a varied approach may be required, such as using SAML for authentication, SCIM for user provisioning, and APIs for exact access control decisions.

3. Maintenance.

• Regular audits
  Carry out regular checks on access logs to ensure that JIT access is functioning as planned.
• User training
  Instruct users, especially those with high privileges, on the significance of least privilege, JIT Access, and how it operates. Ensure users aware of how to request access when it's needed.
• Feedback loop
  Frequently review your JIT access procedures and solicit feedback from users and IT staff to understand possible improvements.

By adhering to this systematic plan, you'll be efficient in applying a strong Just-in-Time Access system for Leapsome.