Skip to main content
This page covers the configuration options for Just-in-Time Access Requests. For an introduction to how JIT Access Requests work, see JIT Access Requests.

Enabling JIT Access Requests

Via Web App

1

Navigate to Access Requests

Go to Manage > Access Requests in the Web App
2

Activate the Connection

Find your connection and toggle it to Active
Enable JIT access requests
3

Configure Approval Groups

Click Configure and select the groups that can approve requests
Configure approval groups
Selecting multiple groups requires all groups to approve before access is granted.

Via CLI

You can also configure access requests when creating a connection: 
hoop admin create conn prod-postgres \
  --agent default \
  --reviewers 'dba-team,security' \
  -- psql -h localhost -U postgres
The --reviewers flag specifies which groups can approve access requests.

Requesting JIT Access

Users request time-based access using the --duration flag: 
hoop connect prod-postgres --duration 2h
The CLI will wait for approval: 
⣷ waiting for access request to be approved at https://use.hoop.dev/access-requests/abc123...

Duration Formats

FormatDuration
10m10 minutes
30m30 minutes
1h1 hour
2h2 hours
8h8 hours
24h24 hours

Configuration Options

Maximum Access Duration

Limit how long users can request access. Configure in Manage > Connections > [connection] > Settings.

Multiple Approval Groups

When multiple groups are configured, all groups must approve before access is granted. Example: Configure dba-team and security-team as approvers:
  • Request requires 1 approval from dba-team AND 1 approval from security-team
  • Either group can reject the request

Admin Auto-Approval

Admin users automatically approve their own requests. This is by design to ensure admins always have access. To test the full workflow, use a non-admin account.

Integration with Slack

To receive and approve requests in Slack:
  1. Configure the Slack integration
  2. Enable the slack plugin on your connection:
hoop admin create conn prod-postgres \
  --agent default \
  --reviewers 'dba-team' \
  --plugin slack \
  -- psql -h localhost -U postgres
  1. Approvers subscribe with /hoop subscribe in Slack
  2. Access requests appear as interactive messages

Environment Variables

These environment variables affect JIT Access Requests behavior on the gateway:
VariableDescriptionDefault
REVIEW_TIMEOUT_SECHow long to wait for approval before timing out3600 (1 hour)

JIT Access Requests Overview

Learn how JIT Access Requests work and common use cases

Action Access Requests

Configure per-command approval workflows

Slack Integration

Set up Slack for access request notifications

Access Control

Configure who can access which connections