Managing user permissions and group membership within Azure is a time suck. The weeks of back and forth between requesters, managers, and admins cut into valuable work time.
When pursuing least privilege, you multiply the complexity and time necessary to do that management. Automation is the only way to dynamically manage permissions and roles for your cloud resources in a scalable way.
With Indent’s new native integration, you can easily automate least privilege within Azure Active Directory.
Indent is built to get engineers temporary access quickly through a Slack or email-based workflow. Requests are automatically routed based on your compliance policies, and access is revoked after the duration the approver sets. Certain resources can also be configured to instantly approve based on the requester’s on-call status.
With guardrails that expedite and protect the entire access lifecycle, your access control policies are followed every time.
Rather than slowing teams down, moving to on-demand, least-privilege access has helped teams like Modern Treasury give access to their production resources securely in under one minute.
By implementing time-bound, role-based access control for Azure with Indent, you give valuable time back to your team while also protecting against resource misuse and attacks.
Let’s look at an example of how Indent can help your team get access faster and more securely. Story time!
Alex is an engineer at Acme Corp, which uses Azure for their cloud resources. This week Alex is on-call.
At the beginning of their on-call rotation week, Alex opens Indent and requests membership of the on-call mailing list.
By requesting membership of the list only for the time Alex is on-call, their inbox is less cluttered, and there’s less sensitive information floating around needlessly.
A few days later, Alex gets pinged. There’s an outage on the website which requires SQL server access to resolve.
Again, Alex opens Indent and requests access to the “Engineering: Production” Active Directory group for three hours and gives the following reason: “On-call to resolve issue #5543”.
If Alex wasn’t on-call, that request would get routed according to Acme’s policies to Alex’s manager, the VP of Engineering, for approval.
Because Alex is on-call though, Indent is able to verify Alex’s on-call status in PagerDuty. Then Alex is instantly granted access to the “Engineering: Production” group which has admin SQL server permissions, so they can get to work investigating the incident.
Alex is able to resolve the outage within those three hours and goes back to bed. At the three-hour mark, Indent goes in and automatically deprovisions Alex’s elevated access to the SQL server by moving them out of the “Engineering: Production” group.
All those access changes get logged in an easily exportable way for security and compliance purposes. At the end of the week, Alex is also automatically removed from the on-call mailing list.
At the end of the quarter, admins at Acme Corp do not need to review Alex’s elevated SQL server permissions because they were automatically deprovisioned.
Here are some examples of how Indent can help you manage resource access within Azure:
By managing Azure resources with Indent you can:
At this point, you might have two questions:
Setting up the Indent integration for Azure is as easy as clicking through an OAuth flow for your Azure AD tenant. From there you can set up your policies and start granting group membership.