# Using the BastionZero app for Slack

{% hint style="danger" %}

### <mark style="color:red;">**The BastionZero product is maintained for existing BastionZero customers only.**</mark>

Moving forward, we are natively rebuilding BastionZero’s technology as Cloudflare’s [Access for Infrastructure](https://developers.cloudflare.com/cloudflare-one/applications/non-http/infrastructure-apps/) service.
{% endhint %}

Looking for something specific? Here are the topics covered below:

* [How to set up the BastionZero app](#setting-up-just-in-time-with-bastionzero-app-for-slack)
* [How to request JIT access using the BastionZero app](#requesting-just-in-time-access)
* [How to connect to your JIT target](#connecting-to-your-just-in-time-target)
* [How to grant JIT access using the BastionZero app](#granting-just-in-time-access)
* [How to uninstall the BastionZero app](#uninstalling-the-bastionzero-app-for-slack)
* [Good to knows](#good-to-knows)
* [Getting support](#getting-support)

## Setting up just-in-time with BastionZero app for Slack

{% hint style="warning" %}
To enable just-in-time with your BastionZero organization, ensure you are both a BastionZero administrator **and** an administrator in the Slack workspace where you'd like to install the BastionZero app.
{% endhint %}

1. **Enable the Slack integration from** [<mark style="color:purple;">**cloud.bastionzero.com**</mark>](https://cloud.bastionzero.com)**.** Log in to the web app and navigate to the integrations page by following the settings gear in the top right-hand corner -> platform settings -> app integrations. Select the "Slack" tab and click "Integrate with Slack."

   <figure><img src="https://2296692744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB1x0ofz14evTHlwIRKaW%2Fuploads%2FT8GJjGPPDOoroobABFiM%2Fslack%20integration.png?alt=media&#x26;token=feba8943-7b62-4467-9cc6-1a6d77c8719e" alt=""><figcaption></figcaption></figure>
2. **Authorize the BastionZero app via Slack.** Once you click "Integrate with Slack," you will be redirected to the Slack OAuth page. It will detail the permissions needed by the BastionZero app. <mark style="background-color:purple;">**Before proceeding, make sure that the upper right-hand corner displays the Slack workspace you wish to install the BastionZero app in.**</mark>

   <div data-gb-custom-block data-tag="hint" data-style="danger" class="hint hint-danger"><p>It is critical that you are an administrator in the Slack workspace you are installing the BastionZero app in <strong>and</strong> that you use the same SSO organization for both your Slack workspace and BastionZero. Otherwise, this integration will not succeed.</p></div>

   <figure><img src="https://2296692744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB1x0ofz14evTHlwIRKaW%2Fuploads%2FPCWli9KsMVwOQ1EccqHG%2Foauth%20from%20slack.png?alt=media&#x26;token=bf155232-d56f-4092-9d60-de57c04bead0" alt=""><figcaption></figcaption></figure>
3. **Add BastionZero to your Slack workspace.** From your Slack workspace, navigate to "Apps." You can reach it from the top menu bar (Go -> Apps) or from the bottom of the navigation menu on the left-hand side of your Slack window. Search for and select BastionZero to add it to your workspace.
4. **Congratulations!** Your organization can now manage just-in-time access through Slack!

<mark style="background-color:purple;">**Up next:**</mark> If you don't have any JIT policies set up yet, continue reading [<mark style="color:purple;">**here**</mark>](https://docs.bastionzero.com/docs/admin-guide/authorization#just-in-time) to learn more about how to create and manage your just-in-time policies.

## Requesting just-in-time access

#### To request JIT access, try `/bz-list-targets` from any window in your Slack workspace

When you use this command, BastionZero will return all the targets available to you for just-in-time access.

<figure><img src="https://2296692744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB1x0ofz14evTHlwIRKaW%2Fuploads%2FGL0r6Psj59V9BsOGvOBK%2FScreenshot%202023-02-17%20at%2011.31.56.png?alt=media&#x26;token=83d04aa1-8229-41e0-bb6f-f8ceeba71847" alt=""><figcaption><p>Example output from using <code>bz-list-targets</code></p></figcaption></figure>

To request access to a specific target, click the "Request Access" button to the right of the target name. Next, complete the form with the `target user` (and, if needed for Kubernetes clusters, the `target group`), the policy action, and the reason you need access to the target. Note that the request reason is *<mark style="color:purple;">**required**</mark>*.

<figure><img src="https://2296692744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB1x0ofz14evTHlwIRKaW%2Fuploads%2FTEdQHz9SHexWHmr9RH3h%2FScreenshot%202023-02-17%20at%2012.19.58.png?alt=media&#x26;token=7c2b0f5c-21cd-4af4-bf62-6b06fcbf8410" alt=""><figcaption><p>Example of a just-in-time request to the <code>bzero-cluster</code></p></figcaption></figure>

Once you've filled in the details, click "Request."

<figure><img src="https://2296692744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB1x0ofz14evTHlwIRKaW%2Fuploads%2FGbF4tw4VB7mP3mU12mo5%2FScreenshot%202023-02-17%20at%2012.53.57.png?alt=media&#x26;token=7f1f1bbc-f82d-4bf0-91ff-94367bd86a33" alt=""><figcaption><p>Example of a submitted just-in-time request</p></figcaption></figure>

If the JIT policy governing that target allows automatic approval, you will see a message from BastionZero confirming your access immediately. If the target requires explicit approval from a BastionZero admin, you'll get a notification from BastionZero when your request is approved.

<figure><img src="https://2296692744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB1x0ofz14evTHlwIRKaW%2Fuploads%2Fw7IvYHvX6bRB2SvHSwOj%2FScreenshot%202023-02-17%20at%2012.57.50.png?alt=media&#x26;token=3b95ee41-a384-44d2-b76d-531e1dab8bf9" alt=""><figcaption><p>Example of a just-in-time request decision</p></figcaption></figure>

{% hint style="info" %}
For additional guidance within the BastionZero app, try `/bz-list-targets help`
{% endhint %}

{% hint style="warning" %}
If you require additional access to the target beyond what your initial JIT request allows, you must wait until the initial request expires. Only then will you be able to submit another access request.
{% endhint %}

## Connecting to your just-in-time target

Once you've received approval to access your just-in-time target, it becomes like any other target in BastionZero. Use the `zli` to connect to your target. For help, see our guide to [connecting to your targets](https://docs.bastionzero.com/docs/user-guide/connecting-to-your-resources).

## Granting just-in-time access

For BastionZero administrators who are on the approving end of a just-in-time request, the experience with the BastionZero app will look slightly different.

When a user requests access to a target, you'll receive a notification from the BastionZero app. This notification will be sent to all BastionZero administrators.

<figure><img src="https://2296692744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB1x0ofz14evTHlwIRKaW%2Fuploads%2FX3f2Gtm70pGE5zoJVpQF%2Fmanual%20approval.png?alt=media&#x26;token=609f5180-d602-44b0-8523-055370555026" alt=""><figcaption><p>An example of what a just-in-time access request looks like from the administrator's perspective</p></figcaption></figure>

Any access request, whether accepted or denied, will be logged in the `bzero-jit-log` channel.

{% hint style="info" %}
A full audit trail of just-in-time access decisions is available in the private `bzero-jit-log` channel that is created when BastionZero is installed to your Slack workspace. This channel automatically adds all BastionZero administrators in your organization. It is at the admins' discretion whether or not to include additional members.
{% endhint %}

<figure><img src="https://2296692744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB1x0ofz14evTHlwIRKaW%2Fuploads%2F1FsZZcc9Ga7uXWCq9jjv%2Fjit%20log.png?alt=media&#x26;token=e8a2a9e0-b94a-40d9-978e-12433df38e19" alt=""><figcaption><p>Example entries from the BastionZero JIT audit log</p></figcaption></figure>

## Uninstalling the BastionZero app for Slack

1. **Disable the Slack integration from** [<mark style="color:purple;">**cloud.bastionzero.com**</mark>](https://cloud.bastionzero.com)**.** Log in to the web app and navigate to the integrations page by following the settings gear in the top right-hand corner -> platform settings -> app integrations. Select the "Slack" tab and click "Remove Integration."

   <figure><img src="https://2296692744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB1x0ofz14evTHlwIRKaW%2Fuploads%2FQu3XRY2W4DqAqftsrbY3%2Fintegration%20removal.png?alt=media&#x26;token=e404a54e-c501-48ec-ade2-237f53efd4cc" alt=""><figcaption></figcaption></figure>
2. **Remove the BastionZero app from your Slack workspace.** Select the BastionZero app from your Slack workspace. Go to "About" -> "Configuration." This will take you to the BastionZero Slack app's webpage. Scroll to the bottom of the page and click "Remove App" to remove the BastionZero app from your workspace.

   <figure><img src="https://2296692744-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FB1x0ofz14evTHlwIRKaW%2Fuploads%2FYjGpg8LsHX5KbfPoy4nH%2Fremove%20slack%20app.webp?alt=media&#x26;token=7efc740c-1c33-48ea-8f70-577c4bc98301" alt=""><figcaption></figcaption></figure>

We're sorry to see you go! If you're willing to share why you chose not to use our app for Slack, please reach out to <product@bastionzero.com>.

## Good to knows

For convenience, we've brought together the few "good to knows" from the BastionZero app for Slack and the just-in-time feature documentation.

1. To author a just-in-time policy, you must first enable the BastionZero app for Slack from Settings -> App Integrations -> Slack.
2. If you require additional access to the target beyond your initial JIT request, you must wait until the initial request's time expires. Only then will you be able to submit another access request.
3. A full audit trail of just-in-time access decisions is available in the private `bzero-jit-log` channel that is created when BastionZero is installed to your Slack workspace. This channel automatically adds all BastionZero administrators in your organization. It is at the admins' discretion whether or not to include additional members.

## Getting support

For additional assistance, please reach out to <support@bastionzero.com>.
