AI Prototype: Just-in-Time Identity Access Decision Engine

  • Writer: Madhukeshwar Bhat
  • 4 hours ago

The Problem I Kept Seeing

In most enterprises I’ve worked with, identity risk doesn’t fail loudly—it silently accumulates.

  • Users retain access long after they need it

  • Privileged roles remain active despite inactivity

  • Access reviews happen periodically, not when risk actually emerges

Traditional IAM systems try to solve this using:

  • Static rules

  • Periodic certifications

  • Manual reviews

But the reality is simple: risk is dynamic, while controls are static.



The Idea

I wanted to explore a fundamental shift: Can access decisions be made in real time based on risk?

Instead of asking: “Who has access?”

We should be asking: “Should this access be granted right now?”

This led me to build a lightweight prototype of an AI-Powered Just-in-Time (JIT) Access Decision Engine.


How I Built It

To keep things fast and practical, I used:

  • Streamlit → for building a simple interactive UI

  • GitHub → for version control and deployment

  • OpenAI API → for intelligent decision-making

  • Python (Pandas) → for handling data and risk logic


Instead of analyzing CSVs offline, I simulated a live access request flow.

Input (User Request)

  • User name

  • Role

  • Last login activity

  • Privilege level

  • Requested access


Decision Engine

The system evaluates risk in two layers:

1. Deterministic Risk Scoring

Simple logic:

  • High privilege → higher risk

  • Admin role → higher risk

  • Inactivity (>90 days) → higher risk

This produces a risk score (0–100) instantly.


2. AI-Based Decisioning

The risk score and the user context are sent to the OpenAI model, which decides:

  • APPROVE

  • APPROVE WITH CONDITIONS

  • DENY

Along with:

  • Reasoning

  • Risk drivers

  • Recommended controls
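
A sketch of the two layers described above, added here as an example and not taken from the prototype's repository. It computes the deterministic score, then treats the model's reply as untrusted input: anything that is not one of the three decisions is denied, and the model can tighten but never loosen what the score allows. The weights, score bands, JSON reply shape and function names are assumptions; the post gives only the three factors and the three outcomes.

```python
import json

# Assumed weights and bands: the post names the three factors but gives no numbers.
WEIGHTS = {"admin_role": 40, "high_privilege": 30, "inactive_over_90d": 30}
ORDER = ["APPROVE", "APPROVE WITH CONDITIONS", "DENY"]  # least to most restrictive

def risk_score(role, privilege, days_since_login):
    """Deterministic layer: sum the weights of the factors that apply (0-100)."""
    score = 0
    if role.strip().lower() == "admin":
        score += WEIGHTS["admin_role"]
    if privilege.strip().lower() == "high":
        score += WEIGHTS["high_privilege"]
    if days_since_login > 90:
        score += WEIGHTS["inactive_over_90d"]
    return min(score, 100)

def floor_for(score):
    """Most permissive decision the deterministic score allows (assumed bands)."""
    if score >= 70:
        return "DENY"
    if score >= 30:
        return "APPROVE WITH CONDITIONS"
    return "APPROVE"

def final_decision(score, model_reply):
    """Validate the model reply, fail closed on bad output, never loosen the floor."""
    floor = floor_for(score)
    try:
        reply = json.loads(model_reply)
        decision = str(reply["decision"]).strip().upper()
        if decision not in ORDER:
            raise ValueError("unknown decision")
    except (ValueError, KeyError, TypeError):
        return {"decision": "DENY", "source": "fail-closed", "reasoning": ""}
    reasoning = str(reply.get("reasoning", ""))
    if ORDER.index(decision) < ORDER.index(floor):
        # The model was more permissive than the score allows: keep the floor.
        return {"decision": floor, "source": "score-override", "reasoning": reasoning}
    return {"decision": decision, "source": "model", "reasoning": reasoning}

# Constructed sample: admin, inactive 120 days, and a model reply that approves anyway.
if __name__ == "__main__":
    s = risk_score("Admin", "low", 120)
    print(s, final_decision(s, '{"decision": "APPROVE", "reasoning": "ok"}'))
```

Logging the `source` field alongside each decision shows how often the model was overridden or returned unusable output.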


Building the Interface

Using Streamlit, I created a simple UI:

  • Input form for access request

  • “Evaluate Access” button

  • Real-time decision output

This turns the prototype from code into a working product experience.

Secure Deployment

The app was deployed using:

  • GitHub repository for code management

  • Streamlit Cloud for hosting

Sensitive data such as API keys was handled securely using:

  • Environment variables / Secrets (not hardcoded)


Testing the System

I tested multiple real-world scenarios:

Scenario 1: High Risk

Admin + inactive (120 days)

  • Result: Deny access


Scenario 2: Medium Risk

User + high privilege + moderate activity

Result: Conditional approval

  • Require MFA

  • Time-bound access


Scenario 3: Low Risk

  • Active user + low privilege

  • Result: Approve access


Key Insights

  • Identity risk is strongly tied to privilege + inactivity

  • AI can convert raw signals into real-time decisions

  • Static reviews can be replaced with continuous evaluation


The Bigger Shift

This experiment reinforced a broader transformation in IAM:


From:

  • Static governance

  • Periodic reviews

To:

  • Real-time decisioning

  • Risk-adaptive access


Why This Matters

For enterprises, this approach enables:

  • Reduced security exposure

  • Faster access decisions

  • Scalable identity governance

  • Better auditability


Most importantly: Access becomes contextual, not permanent


What’s Next

This is just the starting point. I’m extending this into:

  • Just-in-Time Access Provisioning (time-bound access)

  • Non-Human Identity Risk Analysis

  • Continuous risk monitoring


App created on Streamlit


GitHub repo





 
 
 


© 2025 by Madhu Bhat.  

 
