1. Planning.

• Assessment
  Start by pinpointing the individuals who need access, what resources they're after, and why they need them. Make an inventory of existing access rights, see if they can be downsized or removed. Think about using an entitlement discovery tool for a more inclusive view.
• Policy making
  Establish clear principles for both giving and withdrawing access. Include specifications about who can request for access, when and under what conditions, and for how long. Particularly for privileged roles, establish time-bound parameters.
• Source of truth
  Synchronize your Just-in-Time access system with an Identity Provider (IDP) such as Okta, Google Workspace, Azure AD, OneLogin. This will act as your main source for identities. Individual identities are better than shared accounts for stronger control over authorization and more precision in auditing.

2. Implementation.

• Self-serve access requests
  Streamline the process by allowing users to demand access through the system, instead of people. Boost adoption rates by incorporating IM platforms like Slack or MS Teams. Ensure requests specify who is asking, the required service/resource/role, duration, and reason.

• Approval procedure
  Just-in-Time access offers an opportunity for companies to delegate approval power to individuals with business insight. Resource owners and business unit managers usually have better context than IT helpdesks. Leverage messaging platforms for quick responses, providing approvers with all the necessary details for an informed decision.

• Conditional approval workflows
  Insert your established guidelines into workflows that decide access permissions. Set them into their conditions, dictating who can access what. Assigning if-then conditions is one practical way to do this. IF identity group “X” asks for access to “Y”, seek approval from “Z” and notify “M”.

• Integrations
  Contemplate integrating Just-in-Time access with other IT and security systems for extra flexibility. Tie in with data classification systems to tweak policies according to data sensitivity. You should ideally be able to tag resources and group them together to streamline this process. Work with on-call scheduling software for automated approvals during emergencies. Use training systems to grant access only after training is complete.
• Automated provisioning and deprovisioning
  Understand New Relic's workings to effectively grant and remove access automatically within the service.

3. Ongoing maintenance.

• Regular audits
  Regularly check access logs to make sure that Just-in-Time access is functioning as it should. Check for any unusual patterns or behaviors directly or by sending the logs to your SIEM. You can automate the user access review process for speedy evidence gathering, appoint reviewers, and ensure your system complies with relevant industry regulations or standards.
• User training
  Teach users, particularly privileged ones, about the significance of least privilege, Just-in-Time Access, and its workings. Confirm users are aware of how to ask for access when needed.
• Feedback loop
  Ensure a routine review of your Just-in-Time access practices. Request feedback from users and IT personnel to understand what can be improved.

By abiding by this structured method, you'll achieve an efficient implementation of a robust Just-in-Time Access system for New Relic.