LogoLogo
Main SiteStart Now
  • Home
    • What Is BastionZero?
      • Server Access
      • Database Access
      • Kubernetes Access
      • Web Server Access
    • Product Security
    • Architecture
    • Taxonomy
  • Deployment
    • Getting Started
    • Installing the ZLI
    • Installing the Agent
    • Installing the Desktop App
  • Automation & Integrations
    • CircleCI
    • GitHub Actions
    • Go SDK
    • Google Cloud Run
    • Slack
      • Using the BastionZero app for Slack
    • Terraform
    • Third-Party Clients
  • Admin Guide
    • Authentication
      • SSO Management
      • User Management
      • MFA Management
      • Service Accounts Management
    • Authorization
    • Auditing
    • Target and Connection Management
  • How To Guides
    • Passwordless Database Access
      • Passwordless Access to MySQL and Postgres on GCP Cloud SQL
      • Passwordless Access to AWS RDS PostgreSQL
      • Passwordless Access to AWS RDS MySQL
      • Passwordless Access to Self-Hosted Postgres
    • How to use BastionZero to connect to a Linux Host using the ZLI
    • How to use BastionZero to manage SSH Keys
  • User Guide
    • Installing the ZLI
    • ZLI Cheat Sheet
    • Connecting to Your Targets
    • Troubleshooting Guide
  • ZLI Reference Manual
  • API Specification
  • Getting Help
  • Security Policy
  • Open Source Software Credits
    • Backend Services
    • Bzero Agent
    • Client Daemon
    • Desktop App
    • Go SDK
    • Helm Provider
    • Terraform Provider
    • Web App
    • ZLI
  • Product Changes
  • Service Status
  • GitHub
Powered by GitBook

Copyright © 2024

On this page
  • Setting up just-in-time with BastionZero app for Slack
  • Requesting just-in-time access
  • Connecting to your just-in-time target
  • Granting just-in-time access
  • Uninstalling the BastionZero app for Slack
  • Good to knows
  • Getting support
  1. Automation & Integrations
  2. Slack

Using the BastionZero app for Slack

The guide below will show you how to set up and use the BastionZero app for Slack to request, approve, and monitor just-in-time (JIT) access for your organization.

PreviousSlackNextTerraform

Last updated 6 months ago

The BastionZero product is maintained for existing BastionZero customers only.

Moving forward, we are natively rebuilding BastionZero’s technology as Cloudflare’s service.

Looking for something specific? Here are the topics covered below:

Setting up just-in-time with BastionZero app for Slack

To enable just-in-time with your BastionZero organization, ensure you are both a BastionZero administrator and an administrator in the Slack workspace where you'd like to install the BastionZero app.

  1. Enable the Slack integration from . Log in to the web app and navigate to the integrations page by following the settings gear in the top righthand corner -> platform settings -> app integrations. Select the "Slack" tab and click "Integrate with Slack."

  2. Authorize the BastionZero app via Slack. Once you click "Integrate with Slack," you will be redirected to the Slack OAuth page. It will detail the permissions needed by the BastionZero app. Before proceeding, make sure that the upper righthand corner displays the Slack workspace you wish to install the BastionZero app in.

    It is critical that you are an administrator in the Slack workspace you are installing the BastionZero app in and that you use the same SSO organization for both your Slack workspace and BastionZero. Otherwise, this integration will not succeed.

  3. Add BastionZero to your Slack workspace. From your Slack workspace, navigate to "Apps." This could be from the top menu bar: Go -> Apps or at the bottom of your navigation menu on the lefthand side of your Slack window. Search for and select BastionZero to add it to your workspace.

  4. Congratulations! Your organization can now manage just-in-time access through Slack!

Requesting just-in-time access

To request JIT access, try /bz-list-targets from any window in your Slack workspace

When you use this command, BastionZero will return all the targets available to you for just-in-time access.

To request access to a specific target, click the "Request Access" button to the right of the target name. Next, complete the form with the target user (and if needed for Kubernetes clusters, the target group), the policy action, and the request reason for why you need access to the target. Note that request reason is required.

Once you've filled in the details, click "Request."

If the JIT policy governing that target allows automatic approval, you will see a message from BastionZero confirming your access immediately. If the target requires explicit approval from a BastionZero admin, you'll get a notification from BastionZero when your request is approved.

For additional guidance within the BastionZero app, try /bz-list-targets help

If you require additional access to the target beyond what your initial JIT request allows, you must wait until the initial request expires. Only then will you be able to submit another access request.

Connecting to your just-in-time target

Granting just-in-time access

For BastionZero administrators who are on the approving end of a just-in-time request, the experience with the BastionZero app will look slightly different.

When a user requests access to a target, you'll receive a notification from the BastionZero app. This notification will be sent to all BastionZero administrators.

Any access request, whether accepted or denied, will be logged in the bzero-jit-log channel.

A full audit trail of just-in-time access decisions is available in the private bzero-jit-log channel that is created when BastionZero is installed to your Slack workspace. This channel automatically adds all BastionZero administrators in your organization. It is at the admins' discretion whether or not to include additional members.

Uninstalling the BastionZero app for Slack

  1. Remove the BastionZero app from your Slack workspace. Select the BastionZero app from your Slack workspace. Go to "About" -> "Configuration." This will take you to the BastionZero Slack app's webpage. Scroll to the bottom of the page and click "Remove App" to remove the BastionZero app from your workspace.

Good to knows

For convenience, we've brought together the few "good to knows" from the BastionZero app for Slack and the just-in-time feature documentation.

  1. To author just-in-time policy, you must first enable the BastionZero app for Slack from Settings -> App Integrations -> Slack.

  2. If you require additional access to the target beyond your initial JIT request, you must wait until the initial request's time expires. Only then will you be able to submit another access request.

  3. A full audit trail of just-in-time access decisions is available in the private bzero-jit-log channel that is created when BastionZero is installed to your Slack workspace. This channel automatically adds all BastionZero administrators in your organization. It is at the admins' discretion whether or not to include additional members.

Getting support

Up next: If you don't have any JIT policies set up yet, continue reading to learn more about how to create and manage your just-in-time policies.

Once you've received approval to access your just-in-time target, it becomes like any other target in BastionZero. Use the zli to connect to your target. For help, see our guide to .

Disable the Slack integration from . Log in to the web app and navigate to the integrations page by following the settings gear in the top righthand corner -> platform settings -> app integrations. Select the "Slack" tab and click "Remove Integration."

We're sorry to see you go! If you're willing to share why you chose not to use our app for Slack, please reach out to .

For additional assistance, please reach out to .

connecting to your targets
cloud.bastionzero.com
product@bastionzero.com
support@bastionzero.com
Access for Infrastructure
cloud.bastionzero.com
How to set up the BastionZero app
How to request JIT access using the BastionZero app
How to connect to your JIT target
How to grant JIT access using the BastionZero app
How to uninstall the BastionZero app
Good to knows
Getting support
here
Example output from using bz-list-targets
Example of a just-in-time request to the bzero-cluster
Example of a submitted just-in-time request
Example of a just-in-time request decision
An example of what a just-in-time access request looks like from the administrator's perspective
Example entries from the BastionZero JIT audit log