User with "Just in Time Access" -JIT

[Bit-101]

I want to accomplish a group of user that always has temporary access.

I have these componenent

-Netscaler Gateway 

-MFA with FortiAuthenticator (token that appears in the users moblie phone)

-Storefront

When I already have NetScaler, StoreFront and FortiAuthenticator, I belive there is no rereason to
implementing a separate third-party just in time access solution.

So I´m here with what I called Custom Integration
Create a custom integration that places an approval step between authentication and session creation with A script in Powershell:

NetScaler API access: The script must be able to send and receive data from the NetScaler API.
FortiAuthenticator API Access: To interact with FortiAuthenticator for authentication.
Approval process: A method of sending and receiving approvals with sms to a Admin Person.

This is my question to come further 
What API and Methods shall to use in Netscaler to accomplish this. Is there anyone who can give som example?

Really appreciate your answer

:)

[Jeff Riechers]

I would do it as a published app.  Users only have access to published app.  They click that app and select the app they want and duration.  This is logged and if they refresh storefront  they see the new app.  At time limit you have a process remove users from group.   I am in the process of designing something like this myself.