Enabling JIT Access Requests
Via Web App
Via CLI
You can also configure access requests when creating a connection:--reviewers flag specifies which groups can approve access requests.
Requesting JIT Access
Users request time-based access using the--duration flag:
Duration Formats
| Format | Duration |
|---|---|
10m | 10 minutes |
30m | 30 minutes |
1h | 1 hour |
2h | 2 hours |
8h | 8 hours |
24h | 24 hours |
Configuration Options
Maximum Access Duration
Limit how long users can request access. Configure in Manage > Connections > [connection] > Settings.Multiple Approval Groups
When multiple groups are configured, all groups must approve before access is granted. Example: Configuredba-team and security-team as approvers:
- Request requires 1 approval from
dba-teamAND 1 approval fromsecurity-team - Either group can reject the request
Admin Auto-Approval
Admin users automatically approve their own requests. This is by design to ensure admins always have access. To test the full workflow, use a non-admin account.Integration with Slack
To receive and approve requests in Slack:- Configure the Slack integration
- Enable the
slackplugin on your connection:
- Approvers subscribe with
/hoop subscribein Slack - Access requests appear as interactive messages
Environment Variables
These environment variables affect JIT Access Requests behavior on the gateway:| Variable | Description | Default |
|---|---|---|
REVIEW_TIMEOUT_SEC | How long to wait for approval before timing out | 3600 (1 hour) |

