Quick Start: JIT Access

This guide walks you through requesting temporary AWS access through the JIT Access Portal.

Prerequisites

  • Your organization has been onboarded on Prism
  • You have the Prism URL for your organization (e.g., https://yourcompany.prism.cloudkeeper.com)
  • Your user account exists in Prism
  • There is at least one AWS Account onboarded
  • There is at least one permission set created in the Admin portal

Step 1: Log In

  1. Navigate to your organization's Prism URL: https://yourcompany.prism.cloudkeeper.com
  2. After authenticating from your Identity Provider, you'll be redirected to the Application Selection screen
  3. Select JIT Portal; you'll land on the JIT dashboard

Step 2: Request Access

  1. Click Request Access in the sidebar
  2. Fill in the request form:
    • AWS Account — Select the account you need access to
    • Permission Set — Choose from available permission sets:
      • Standard — Select a pre-defined permission set
      • Custom — Define custom AWS managed policies for this request
    • Duration — How long you need access (e.g., 1 hour, 4 hours)
    • Reason — Explain why you need access (required for audit trail)
  3. Click Submit Request

Step 3: Track Your Request

  1. Click My Requests in the sidebar
  2. Find your request in the list
  3. Check the status:
    • Pending — Waiting for approval from account owner
    • Approved — Access granted, session will be created
    • Rejected — Request was denied (check the rejection reason)
    • Expired — Session expired for the request

Step 4: Use Your Access

Once approved:

  1. Click Active Sessions in the sidebar
  2. You'll see your active session with:
    • The AWS account and permission set
    • Time remaining before the session expires
  3. Access the AWS account through the AWS SSO Login from the Application Selection screen
  4. Your access will automatically expire when the session duration ends

The JIT Access Lifecycle

Request → Pending Approval → Approved → Active Session → Expired
Request → Pending Approval → Rejected

  1. Request — You submit a request with account, permissions, duration, and reason
  2. Pending Approval — Account owners are notified and review the request
  3. Approved/Rejected — An approver takes action on the request
  4. Active Session — If approved, a temporary session is created in AWS
  5. Expired — The session automatically expires after the requested duration

Tips

  • Be specific in your reason — This helps approvers make faster decisions
  • Request only what you need — Use the least-privilege permission set and shortest duration necessary
  • Check active sessions — You can see all your current active sessions and their remaining time
  • Requests expire — If no one approves your request within the timeout period, it will expire automatically
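
The lifecycle above, including the approval timeout from the last tip, modelled as a small Python function, plus a check that flags account activity falling outside an active session. This is an added example, not Prism's code; the record fields, the 24-hour approval timeout and the session starting at approval time are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumption: the page does not state the approval timeout; 24 hours is a placeholder.
APPROVAL_TIMEOUT = timedelta(hours=24)

@dataclass
class JitRequest:  # hypothetical record, not Prism's data model
    submitted: datetime
    duration: timedelta                 # requested session length
    decided: Optional[datetime] = None  # when an approver acted, if ever
    approved: bool = False              # meaningful only once decided

def status_at(req: JitRequest, now: datetime) -> str:
    """Lifecycle stage of `req` at time `now`, following the stages listed above."""
    deadline = req.submitted + APPROVAL_TIMEOUT
    # A decision counts only if it was made by `now` and before the approval deadline.
    if req.decided is None or req.decided > now or req.decided > deadline:
        return "Pending" if now <= deadline else "Expired"
    if not req.approved:
        return "Rejected"
    # Assumption: the session starts when the request is approved.
    return "Active Session" if now < req.decided + req.duration else "Expired"

def events_outside_session(req: JitRequest, events: list[datetime]) -> list[datetime]:
    """Timestamps of account activity that do not fall inside an active session."""
    return [t for t in events if status_at(req, t) != "Active Session"]

# Constructed sample: 1-hour request submitted at 09:00 and approved at 09:10.
T0 = datetime(2024, 1, 1, 9, 0)
REQ = JitRequest(T0, timedelta(hours=1), decided=T0 + timedelta(minutes=10), approved=True)
ACTIVITY = [T0 + timedelta(minutes=m) for m in (5, 30, 69, 70, 95)]  # constructed

if __name__ == "__main__":
    for t in ACTIVITY:
        print(t.time(), status_at(REQ, t))
    print("outside session:", [str(t.time()) for t in events_outside_session(REQ, ACTIVITY)])
```

Activity stamped before approval or at or after the session end is what an auditor would want to look at when reconciling account logs against approved requests.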

Next Steps