1. Planning.

• Assessment
  Begin by identifying who needs access, the resources they are using, and their reason. Document existing access permissions and check if any can be reduced or removed. Consider an entitlement discovery tool for enhanced visibility.
• Policy creation
  Establish clear policies for both bestowing and withdrawing access. Create rules outlining who can request access, under what conditions, and for how long. Especially for higher-security roles, establish time-based parameters.
• Source of truth
  Sync your JIT access system with an Identity Provider (e.g., Okta, Google Workspace, Azure AD, OneLogin). This will be the primary source for identities. Utilizing individual identities instead of shared accounts allows for better control of authorizations and the accuracy of audits.

2. Execution.

• Self-serve access requests
  Make the process easier by having users request access through the system, rather than through individuals. Increase adoption rates by incorporating IM platforms such as Slack or MS Teams. Ensure requests detail the requester, the required service/resource/role, duration, and reason.

• Approval process
  JIT access offers organizations a chance to delegate approvals to those with a deeper business context. Resource owners and business unit managers often have a superior understanding than IT helpdesks. Use messaging platforms for a faster response, giving approvers all necessary information for an informed decision.

• Conditional approval workflows
  Establish your pre-set policies into workflows that delegate access permissions. Create workflows that outline who can access what, and under which situations. Assign conditional formatting, for example "IF identity group 'X' asks for access to 'Y', request approval from 'Z' and alert 'M'".

• Integrations
  Consider integrating JIT with other IT and security systems for added flexibility. Connect with IT ticketing systems for automatic access based on ticket status. Link up with data classification systems to modify policies depending on data sensitivity. You should ideally be able to tag resources and group them together for a more streamlined process. Collaborate with on-call schedule software for automated approvals during emergencies. Use training systems to grant access based on training completion.
• Automated provisioning and deprovisioning
  Gain a good knowledge of SolarWinds to effectively grant and revoke granular access automatically. This is essential for JIT Access as it diminishes the need for waiting for people to have time. It allows for automated removal of access, central to JIT access and the principle of least privilege access (POLP). Ideally, you would manage all permissions centrally, eliminating the need to create or manage an environment for every application.
• Access methods
  For SolarWinds JIT Access, APIs are generally the preferred choice due to their adaptability and real-time functionalities. However, a combination may be necessary, for instance using SAML for authentication, SCIM for user provisioning, and APIs for precise access control decisions.

3. Maintenance.

• Regular audits  
  Periodically review access logs to confirm that JIT access is functioning as designed. Look for any unusual patterns or behaviors, either directly or through importing the logs into your SIEM. Automate the user access review process to speed up evidence gathering, delegate reviewers, and ensure your system adheres to requisite industry regulations or standards.
• User training
  Educate users, particularly those with privileged access, on the importance of least privilege, JIT Access, and how it operates. Make sure users understand how to request access when needed.
• Feedback loop
  Continually review your JIT access procedures. Gather feedback from users and IT staff to understand where enhancements can be implemented.

By following this organized procedure, you'll be able to seamlessly implement a robust Just-in-Time Access system for SolarWinds.