I am trying to implement JIT for GCP in our organization. From what I understand from this video, GCP does not have a native solution to support JIT, just this open-source tool they have developed. And as this is open source, we cannot have any support from Google in case we encounter any issues in the future after implementing this solution. Now there is a PAM feature in GCP that they have introduced for JIT. Is there any license cost associated with it? Is there any document anyone can share here? Share your thoughts on all the points I mentioned above.
@practicalgcp2780 11 months ago
I haven't tried it yet, but if you look at the PAM comment in the other thread, you can find it under IAM admin. I don't believe it needs any licence; it's just a service GCP provides, like most other native services. JIT is open source and probably gives you more control if you prefer to manage this yourself or make changes to it to suit your customisation needs, but as the other thread suggested, I agree you should try PAM first before looking at JIT.
@practicalgcp2780 11 months ago
And I cannot find any documentation about it either.
@nrohankar 11 months ago
Can we log in to the JIT console using a GCP service account? I want to give project access to a particular GCP service account.
@PMSarath 1 year ago
We can use PAM instead of JIT.
@richardshenghua 1 year ago
Do you mind giving more information on what you are referring to? I am aware Google has something coming out at some point as an alternative, but it is still in private review.
@PMSarath 1 year ago
@richardshenghua GCP has already rolled out PAM (Privileged Access Manager), which is located in the "IAM & Admin" service.
@richardshenghua 1 year ago
@PMSarath Aha, nice. Yup, this is the same thing I was referring to, which I knew was in private review, but I didn't realise it's there. But it's still in public review. Have you already tried it, and does it offer the same features, such as requesting "without" approval? It would be good if you could share your experience if you have tried it, to understand how well it works compared to JIT.
@PMSarath 1 year ago
Certainly! Despite being in preview mode, we've successfully deployed it within our organization. The functionality is quite similar to JIT, and PAM also supports requesting without approval. Here's a concise overview of the console process:
1. Navigate to "IAM & Admin" -> Click "PAM".
2. Click on "Create" to initiate a new entitlement.
3. Provide details such as entitlement name, resource, role (up to 5 roles currently), and grant duration (ranging from a minimum of 1 hour to a maximum of 24 hours).
4. Add the Requesters principal, along with optional justification.
5. Include Approvers with or without approval principal/justification.
6. Optionally, add extra notification principals for receiving notifications.
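A pre-deployment review of the entitlement settings listed in the comment above, as an added example that is not part of the original thread or of Google's tooling. The dict layout, field names and principals are hypothetical (this is not the PAM API schema); the limits are the ones quoted in the comment.

```python
# Added example. Field names below are hypothetical, not the PAM API schema.
MAX_ROLES = 5                  # "up to 5 roles currently" (from the comment)
MIN_HOURS, MAX_HOURS = 1, 24   # grant duration range (from the comment)

def review_entitlement(ent):
    """Return (errors, warnings) for one entitlement definition."""
    errors, warnings = [], []
    roles = ent.get("roles", [])
    if not roles:
        errors.append("no role listed")
    elif len(roles) > MAX_ROLES:
        errors.append(f"{len(roles)} roles listed, limit is {MAX_ROLES}")
    if len(set(roles)) != len(roles):
        warnings.append("duplicate role entries")

    hours = ent.get("max_duration_hours")
    if not isinstance(hours, (int, float)) or not MIN_HOURS <= hours <= MAX_HOURS:
        errors.append(f"grant duration {hours!r}h outside {MIN_HOURS}-{MAX_HOURS}h")

    requesters = set(ent.get("requesters", []))
    approvers = set(ent.get("approvers", []))
    if not requesters:
        errors.append("no requester principal")
    if not approvers:
        # Step 5 allows entitlements without approval: make that choice visible.
        warnings.append("no approver: grants activate without approval")
        if not ent.get("require_justification", False):
            warnings.append("no approver and no justification recorded")
        if not ent.get("notify", []):
            warnings.append("no notification principal on an unapproved entitlement")
    elif approvers <= requesters:
        warnings.append("every approver is also a requester")
    return errors, warnings

# Constructed sample entitlements; all principals and roles are placeholders.
SAMPLES = {
    "reviewed": {"roles": ["roles/storage.admin"], "max_duration_hours": 2,
                 "requesters": ["group:dev@example.com"],
                 "approvers": ["group:sec@example.com"],
                 "require_justification": True, "notify": []},
    "open": {"roles": [f"roles/placeholder.role{i}" for i in range(6)],
             "max_duration_hours": 48, "requesters": ["user:a@example.com"],
             "approvers": [], "require_justification": False, "notify": []},
}

if __name__ == "__main__":
    for name, ent in SAMPLES.items():
        print(name, review_entitlement(ent))
```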