This website collects cookies to deliver better user experience. By using this site you agree to the use of cookies.  See our privacy policy
Ok
P0Security Logo
Close
HomeAboutPricingBlogNewsCommunityDocs
Sign up for freeSign in
Video

Five minutes to secure OCI access with least-privilege just-in-time provisioning

You sign into Oracle Cloud Infrastructure (OCI) through SSO and everything looks normal… until you try to do real work. No compute instances. No permissions that let you touch the resources you actually own.

This is where teams slip into standing access. Not because they want to be reckless, but because the fastest way to get unblocked is to hand out a permanent role “for now” and deal with cleanup later. Later never comes.

With P0, you keep OCI access at zero by default. When you need to act, you request a specific OCI role for a specific duration with a clear reason. An admin approves it, access shows up immediately in your existing OCI session and it expires automatically when the window ends.

Experiential emphasis

You can authenticate, but you still have zero standing access.

You request exactly what you need, nothing more.

Approval happens in the flow of work.

Access is short-lived by default.

When time’s up, it’s gone.

What this enables

  • Give engineers fast access without leaving standing privileges behind.
  • Map your existing SSO identity into OCI without pre-provisioning users and groups ahead of time.
  • Grant a tightly-scoped role for a defined task and duration, then remove it automatically.
  • Keep permissions limited to the exact resource set and actions you approved.

Why this problem persists

Standing access sticks around because the “easy” path is manual: pre-create users, groups and policies, reuse them when someone is blocked, then forget to unwind it.

This isn’t negligence. It’s drift caused by friction, time pressure and controls that are too coarse to use safely in the moment.

How it works

Here’s what you’ll see, step by step.

  • Sign into OCI via SSO and confirm you have no standing access to compute instances
  • Open the P0 web app and request the OCI group you need
  • Choose a specific role with tightly-scoped permissions, add a justification and set a duration
  • An administrator reviews and approves the request (shown via MS Teams approval)
  • Refresh your existing OCI session and see the newly granted permissions without switching accounts or credentials
  • Manage only the instances covered by that role and nothing else
  • When the duration expires, access is removed automatically by revoking group membership and associated permissions
  • Revoke access manually at any time if needed
Explainer Video

Why this matters

Standing access is where real risk lives. It turns one-off operational needs into always-on privilege and it makes incidents harder to contain when something goes wrong.

Just-in-time, least-privilege access gives you a cleaner audit story too: who requested access, who approved it, what they could do and when it ended. No guessing, no “we think they still had access,” no long tail of permissions you meant to clean up later.

Watch the video and see what it looks like to keep OCI access short-lived, tightly scoped and auditable… without slowing engineers down.

< Return to video series

Struggling to control production access in hybrid or multi-cloud environments?

Get a demo of P0 Security, the next-gen PAM platform built for every identity.

Get a demoExplore the sandbox