Skip to main content

JIT Computer Access

Co-managed JIT login

Onboard admins of your customers so that they can perform JIT logins, access credentials, and approve elevation requests.

Overview

With idemeum you can onboard customer admins with a mobile app, and allow them to manage elevation requests and perform JIT logins into customer workstations.

  • You need to onboard co-managed admin into a customer tenant, not into your MSP tenant
  • Once onboarded, you need to promote the user to admin, and that user will automatically assume the role of co-managed user
  • We automatically generate the username for co-managed user and prefix it with co-. For instance, for user nik@company.com the username will be co-nik. You can change this username to whatever you like when creating the user.
The reason we use prefix is to avoid taking over the existing customer account if that exists. When you choose to use custom username, make sure it does not overlap with existing accounts.

Configuration

  • Navigate to your customer tenant admin portal where you would like to onboard co-managed user
  • Click on Customer users and choose Add user
  • Create the user record by providing first name, last name, and the email address. We will automatically generate the username.
  • Now the user installs idemeum mobile app, verifies the email address that was used when creating the user record, navigates to the customer tenant URL and scans the QR-code.
  • After the user is successfully onboarded, you click on ... next to that user record and choose Make admin
  • Once you promote the user to admin, the user record will be assigned the co-managed status.
  • The user can now access workstations with JIT login and will be able to approve elevation requests.