JIT Computer Access

Device sharing

Control which users and groups can access workstations with JIT accounts.

Overview

With idemeum you can control who can log in to which workstation with a JIT admin account. Here is a typical scenario:

  • You onboard a new technician into your organization.
  • As a first step, you delegate access to a certain customer tenant, so that the technician can access customer machines with JIT accounts and approve elevation requests with the idemeum mobile app.
  • By default, the technician can access ALL customer machines, because idemeum assigns the All admins group to every machine at creation time. If you want to limit access to certain servers or domain controllers, you can specify users and groups in the Share device section for each workstation.
  • You can also choose between the Viewer and Owner access levels. A Viewer can log in to the machine but cannot manage or configure it in any way in the portal, whereas an Owner can log in and manage the machine in the idemeum portal.
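One way to check that restricted machines no longer carry the default groups described above, and to see who ends up with Viewer or Owner access. This is an added example, not idemeum code: the record layout, the `restricted` flag, the sample names, and the rule that the highest level wins when a user matches several entries are all assumptions made for illustration.

```python
# Added example: audit device share entries for leftover default groups.
# The record layout is constructed for illustration; it is not an idemeum
# export format or API.
DEFAULT_GROUPS = {"All admins", "All users"}  # assigned by default per the page
LEVELS = {"Viewer": 1, "Owner": 2}            # Viewer: login only; Owner: login + manage

# Constructed sample data
GROUP_MEMBERS = {
    "All admins": {"alice", "bob", "carol"},
    "DC operators": {"alice"},
}
DEVICES = [
    {"name": "DC01", "restricted": True,
     "shares": [("group", "All admins", "Owner")]},
    {"name": "FS01", "restricted": True,
     "shares": [("group", "DC operators", "Viewer"), ("user", "bob", "Owner")]},
    {"name": "WS-114", "restricted": False,
     "shares": [("group", "All admins", "Owner")]},
]

def effective_access(device, group_members):
    """Map each user to their access level on the device.
    Assumption: when a user matches several entries, the highest level applies."""
    access = {}
    for kind, principal, level in device["shares"]:
        if level not in LEVELS:
            raise ValueError(f"unknown access level: {level}")
        users = {principal} if kind == "user" else group_members.get(principal, set())
        for user in users:
            if LEVELS[level] > LEVELS.get(access.get(user), 0):
                access[user] = level
    return access

def leftover_defaults(devices):
    """Restricted devices that still carry a default group share."""
    findings = []
    for d in devices:
        groups = {p for kind, p, _ in d["shares"] if kind == "group"}
        hits = sorted(groups & DEFAULT_GROUPS)
        if d["restricted"] and hits:
            findings.append((d["name"], hits))
    return findings

if __name__ == "__main__":
    for name, hits in leftover_defaults(DEVICES):
        print(f"{name}: default group(s) still shared: {', '.join(hits)}")
    for d in DEVICES:
        print(d["name"], effective_access(d, GROUP_MEMBERS))
```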

Sharing configuration

  • Access the admin portal for any of your customer tenants.
  • Navigate to the Devices section.
  • Search for any device, click on ..., and choose Share device.
  • You can now configure the access control for the device:
    • Remove All admins and All users, as these groups are assigned by default.
    • Choose the groups or users that need to access this workstation.
    • Choose the access level: Viewer can log in only, Owner can log in and configure the device.
  • If the user is trying to log in to the device that is now shared with him, the following message will be displayed.