We get a lot of feedback around managing access to homegrown apps.
We realized the next step for us was to expand beyond engineering access management to managing access across the entire company.
Now, Opal integrates with any of your API-driven internal apps, which opens up a new world of permissions management. This is a huge step for both Opal and our customers, so we're very excited about it!
The process is super easy, and fits into your existing workflow.
Like any other permission set, all you have to do is create a custom connection and add the resources you need!
Let's talk about a few ways you and your team can leverage this new feature set.
With Opal, you can now automatically grant access to your internal apps to teams These can be groups you define based on role, department, customer, etc. Anyone added or removed from the group will automatically get the permissions they need.
For some in-house apps, it's fine to just give access to a group of people all the time. But for more sensitive applications, you might want to give what we call "short-lived" acess or "just-in-time" access. With Opal, you can give specific permissions to employees *only* when they need them, e.g. if they're resolving a support ticket or they're on-call.
As soon as they're done with the ticket (or not on-call anymore), access to sensitive in-house applications will automatically be removed. Pretty snazzy, right? We think so!
Check out how easy it is to request access in Opal below.
Meanwhile, over in Slack, the resource owner can hit the "Approve" button. Easy-peasy.
Just like other integrations you are already using with Opal, you'll now have access to extensive logs that will make your life easy when audit season rolls around.
The logs show who has access to what, how they got access, and what they're doing during their session. Having all this organized in one place in an easily accessible way will free up your team's resources and make audit season a tiny blip on the radar.
You can easily customize default access rules in your instance! This means you can segregate sensitive permissions based on customer, region, or type so everyone has the permissions they need—no more and no less. Because, let's be real, you could give everyone permissions all the time, but is that really a good idea?
Here's an example of how you would create a custom connection to manage access to a home-grown customer impersonation tool.
If you're interested in getting a demo to integrate with internal tools, shoot an email to firstname.lastname@example.org and we'll take care of you! Every feature on our roadmap is intentional because if you're happy, we're happy, so reach out any time with comments, questions, or concerns. 💗 Oh, and follow us on Twitter for security tips and tricks (along with the occasional nerdy meme!).