Welcome to GrantFlow
GrantFlow is your enterprise-grade solution for just-in-time (JIT) privileged access management in Microsoft Entra ID and on-premises Active Directory environments. Our platform eliminates standing privileges while maintaining operational efficiency through intelligent automation and streamlined workflows.
Quick Start
Get up and running with GrantFlow in minutes:
If you are setting up GrantFlow in a customer tenant, start with the Onboarding section:
- EntraID Tenant Setup: admin-guides/customer-tenant-entra-setup
- GrantFlow CLI: getting-started/cli
These guides walk you through creating tenant-scoped client apps and authenticating the CLI via device code.
For New Users
Start with our comprehensive getting started guide
For Administrators
Configure and manage your GrantFlow deployment
Key Capabilities
Zero Standing Privileges
Transform your security posture by eliminating persistent privileged access. GrantFlow ensures users only have the permissions they need, when they need them.
Lightning-Fast Activation
- Sub-10 second role activation
- Automated approval workflows
- Real-time provisioning across hybrid environments
- Intelligent role recommendations based on context
Complete Audit Trail
Every action is logged with immutable audit records:
- Who requested access
- What was approved or denied
- When actions occurred
- Why decisions were made
- Where access was granted
Enterprise-Grade Security
- Outbound-only connectors - No inbound firewall rules required
- End-to-end encryption - TLS 1.3 for all communications
- Zero-trust architecture - Never trust, always verify
Platform Architecture
GrantFlow seamlessly integrates with your existing Microsoft infrastructure:
graph LR
A[User Portal] --> B[GrantFlow Cloud]
B --> C[Connector]
C --> D[Entra ID]
C --> E[Active Directory]
B --> F[Audit Logs]
B --> G[Compliance Reports]
Core Features
| Feature | Description |
|---|---|
| Just-in-Time Access | Provision privileges only when needed, automatically revoke when done |
| Approval Workflows | Multi-level approval chains with delegation and escalation |
| Role Lifecycle Management | Automated creation, modification, and retirement of roles |
| Connector Health Monitoring | Real-time status of all connectors with automatic failover |
| Compliance Reporting | Pre-built reports for SOC2, ISO 27001, and custom frameworks |
| API Integration | RESTful APIs for integration with ITSM and SIEM platforms |
User Experience
GrantFlow provides intuitive interfaces for every user type:
For Operators
- Self-service portal for requesting access
- Mobile-responsive design for on-the-go approvals
- Role catalog with smart search and filtering
- Session tracking with automatic extensions
For Reviewers
- Unified inbox for all pending approvals in the Requests page
- Risk scoring to prioritize reviews
- Bulk operations for efficient processing
- Approval workflows with detailed request context
For Administrators
- User management with role assignment controls
- Role management with approval policy configuration
- Connector management with health metrics and job monitoring
- Comprehensive audit trail with detailed activity logs
Documentation Structure
Our documentation is organized by user persona:
Why Choose GrantFlow?
Reduce Risk
- Eliminate standing privileges
- Enforce least privilege access
- Prevent credential theft
- Meet compliance requirements
Improve Efficiency
- Automate access provisioning
- Streamline approval workflows
- Reduce help desk tickets
- Enable self-service access
Getting Started Checklist
Before you begin, ensure you have:
- Entra ID Global Administrator or equivalent permissions
- Network connectivity for outbound HTTPS (443)
- Service account for connector authentication
- Approval workflow design documented
- Initial role catalog identified
Ready to start? Head to our Getting Started Guide →
Support & Resources
Ready to Transform Your Privileged Access Management?
Start Your Journey
Begin with your first role activation and experience GrantFlow
Administrator Resources
Explore comprehensive guides for platform configuration