jenschristianschroder / jit-access-management
Just-In-Time Access Management Solution for Power Platform
License: MIT License
Add capability for admin to get detailed insights of access requests made for a user.
Some ideas:
If you are reading this and have additional ideas feel free to leave a comment!
Configure the charts to use the colors of the Access Request Status Reason choices
Add link to teams and users from relevant gallery on Shared With panel for admin to navigate to relevant record
Would be nice to be able to nudge approvers to react to approval request
Access Request Overview Page - On Granted requests, display a countdown timer indicating time until access revoked.
See #68
Add capability for users to request extension of access
Access request - "Your request has been Submitted" Feedback after click request access.
See #68
The comment field is not cleared after submitting a request
Can you implement a mechanism to enable profiles only to specific users/groups so users won't be able to see all profiles by default?
Consider including a max. count of requests a user can use an access profile per day.
Users could use the tool to have constant or very often access to the target environment. When limiting the access to e.g. 2xday, it can be used to prevent users building unmanaged solutions etc. in the target environment.
If access profile does not have approval, Grant Access flow runs twice resulting in duplicate activities created
Change the approval flow to use start approval action and wait for approval action to be able to create individual approval activities for each approver
Add more rigor to the Access Request Create Plugin to ensure that Access Request will reflect the configuration of the selected Access Profile and prevent creation of Access Requests that do not match the selected Access Profile.
Add tracing to identify outcome and involved approvers
Potentially users can create Access Requests at different stages than Requested.
This could have the effect that Access Request will jump the required process.
Generate a log of user committed change actions within the environment during the approved access session and attach to access request record.
See #68
Access request Management - Revoke button for active granted Access request.
See #68
Hello @jenschristianschroder,
We are testing the app in our environment and running into a few issues.
When an Admin requests access, they can see the timeline, but the issue I found was that after the request is approved, the timeline still says waiting for Approval and there is no green check next to it.
Hey Jens,
I have everything configured and validated. However, after I approve a request I am getting an OAuth error in the Grant-Access flow. I checked that the secret and id are correct in the app.
"The provided OAuth authentication model needs to specify either the client secret or a client certificate and its corresponding password."
Let me know if I somehow missed something.
Thanks
Andrew
Add a Shared With panel for quick access to list of teams and users that an Access Profile has been shared with
Hi Jens,
Would be great if an Azure Keyvault secret could be used for the Access management Setup. Is that possible?
When setting approval type to All must approve the flow always set the outcome to reject.
Flow needs to include logic to verify response from all approvers
Add functionality to run Access Profile Diagnostics
Gather Access Profile custom commands into Access Profile command drop down
Hi Jens,
Recently the shared with functionality has been failing. I am getting an error about the app registration. It appears that the http connector in the associated flow is not getting the secret. The profile is showing up for the user but when a request is made everything is in the request except for the user.
Thanks!
Andrew
Retrieve-Shared-Access.Run failed: { "error": { "code": 502, "source": "unitedstates-002.azure-apim.net", "clientRequestId": "xxxxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxxx", "message": "BadGateway", "innerError": { "error": { "code": "NoResponse", "message": "The server did not receive a response from an upstream server. Request tracking id '08585070392234518897265260702CU98'." } } } }
There is a typo in the trace output of the Access Request Create Plugin
When an Access Request is created without justification for an Access Profile that requires justification, the trace says ". Selectec" rather than ". Selected"
The "Waiting for approval" activity is created from the "Access-Request-Created" cloud flow.
It should be created from the "Start-Access-Request-Approval" cloud flow.
The icon in the galleries of teams and users shows the icon when mouse pressed.
Need to set the pressedColor to transparent
Testing the JIT App I'm getting this error when running the Grant-Access flow:
Http request failed as there is an error getting AD OAuth token: 'AADSTS700016: Application with identifier 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' was not found in the directory 'Contoso'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
Trace ID: 2d61dd77-aca3-44ff-86cc-f700e17a9901
Correlation ID: 586635ab-e714-4e16-a955-3d4c66009706
Timestamp: 2023-05-30 19:31:55Z'.
Here is a screenshot of the action that failed:
Could this be related to the tenant hardcoded?
Save the Approval comment(s) to timeline activity
There seems to be some issue with caching of data stored in Dataverse.
When an Access Request status reason is updated it takes some time before the change is visible in the JIT Access Request Canvas App.
This also affects the Access Request Activities on the timeline of Access Request Details panel.
Add a capability for users to be notified that Access will be revoked in x min
The Access Management Administrator Security Role is missing privileges to allow user (admins) to enable Access Profile Approvers
Access request - Related Support ticket reference number text field
See #68
Access Request - Option to request immediate access, or requester can specify a start time/date for the required access window.
See #68
Add Justification column to Access Request Main and Quick Create forms
Currently all Access Profiles are shown in the New Access Request Panel including Access Profiles that are draft or inactive.
Only Access Profiles with Status Active should be shown
Hi Jens,
Some feature suggestions.
Best regards
Matt
Add Flow Run Url link to Access Request Activity for direct deep link to run details
Add sorting to the Detail List of the JIT Access Request App
The facepile on the new Access Request Panel shows "Error loading control"
Enable secure output on cloud flow actions that retrieve Access Management Setup to ensure sensitive data is scrubbed
The Access Profile Diagnostics feature does not check if Application User exists in target environment
After adding a new user to host environment and setting user as approver for Access Requests the user does not get any approvals in Power Automate approvals site