I am trying to implement JIT for GCP in our organization. From what I understand from this video, GCP does not have a native solution to support JIT, but has this open-source tool they have developed. And as this is open source, we cannot have any support from Google if we encounter any issues in future after implementing this solution.
Now there is a PAM feature in GCP that they have introduced for JIT. Is there any license cost associated with it? Is there any document anyone can share here?
Share your thoughts on all the above points I mentioned here.
I haven’t tried it yet, but if you look at the PAM comment in the other thread, you can find it under IAM admin. I don’t believe it needs any licence; it’s just a service GCP provides like most other native services. JIT is open source and probably gives you more control if you prefer to manage this yourself or make changes to it to suit your customisation needs, but as the other thread suggested, I agree you should try PAM first before looking at JIT.
And I cannot find any documentation about it either.
Can we log in to the JIT console using a GCP service account? I want to give a project access to a particular GCP service account.
We can use PAM instead of JIT.
Do you mind giving more information on what you are referring to? I am aware Google has something coming out at some point as an alternative but still in private review.
@richardshenghua GCP has already rolled out PAM (Privileged Access Manager), which is located in the "IAM & Admin" service.
@PMSarath aha nice, yup, this is the same thing I was referring to that I knew was in private review but didn't realise it's there. But it's still in public review. Have you already tried it, and does it offer the same features, such as requesting "without" approval? It would be good if you could share your experience, if you have tried it, to understand how well it works compared to JIT.
Certainly! Despite being in preview mode, we've successfully deployed it within our organization. The functionality is quite similar to JIT and PAM also supports requesting without approval.
Here's a concise overview of the console process:
1. Navigate to "IAM & Admin" -> Click "PAM".
2. Click on "Create" to initiate a new entitlement.
3. Provide details such as entitlement name, resource, role (up to 5 roles currently), and grant duration (ranging from a minimum of 1 hour to a maximum of 24 hours).
4. Add the Requesters principal, along with optional justification.
5. Include Approvers with or without approval principal/justification.
6. Optionally, add extra notification principals for receiving notifications.
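A pre-creation review of entitlement definitions against the limits listed in the comment above, as an added example that is not part of the thread or of Google's tooling. The dictionary field names, the set of "broad" roles, the separation-of-duties rule and the sample entitlements are assumptions constructed for illustration, not the PAM API schema.

```python
import re

# Limits as stated in the comment above (preview-era values).
MAX_ROLES = 5
MIN_GRANT_SECONDS = 1 * 3600
MAX_GRANT_SECONDS = 24 * 3600
# Assumption: roles this team considers too broad to grant without approval.
BROAD_ROLES = {"roles/owner", "roles/editor"}

def parse_duration(text):
    """Convert '90m', '2h' or '3600s' to seconds; raise ValueError otherwise."""
    m = re.fullmatch(r"(\d+)([smh])", text.strip())
    if not m:
        raise ValueError(f"unrecognised duration: {text!r}")
    return int(m.group(1)) * {"s": 1, "m": 60, "h": 3600}[m.group(2)]

def review_entitlement(ent):
    """Return a list of findings for one entitlement definition (a dict)."""
    findings = []
    roles = ent.get("roles", [])
    if not roles:
        findings.append("no roles listed")
    if len(roles) > MAX_ROLES:
        findings.append(f"{len(roles)} roles exceeds limit of {MAX_ROLES}")
    try:
        secs = parse_duration(ent.get("max_duration", ""))
        if not MIN_GRANT_SECONDS <= secs <= MAX_GRANT_SECONDS:
            findings.append("grant duration outside 1h-24h")
    except ValueError as exc:
        findings.append(str(exc))
    requesters = set(ent.get("requesters", []))
    approvers = set(ent.get("approvers", []))
    if not requesters:
        findings.append("no requesters")
    if not approvers:
        # Requesting without approval is supported; flag it only where risky.
        broad = sorted(BROAD_ROLES & set(roles))
        if broad:
            findings.append("no approval step for broad role(s): " + ", ".join(broad))
        if not ent.get("require_justification", False):
            findings.append("no approver and no requester justification")
    elif approvers <= requesters:
        findings.append("all approvers are also requesters (no independent reviewer)")
    return findings

# Constructed sample: too many roles, too short, broad role without approval.
RISKY = {"roles": ["roles/owner"] + [f"roles/custom{i}" for i in range(5)],
         "max_duration": "30m", "requesters": ["group:dev@example.com"]}
```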
@PMSarath amazing, will have a look as well.