- Idemeum docs
Quick-start guides
- Quick-start guides
Just-in-time admin accounts
Endpoint privilege management
Password vault
Multi-tenant MSP portal
- MSP portal overview
Desktop agent
Passwordless MFA
- Overview
- Passwordless MFA for Windows
Cloud directory
Cloud RADIUS
RFID Single Sign-On
Single Sign-On
Security
- Overview
- Security whitepaper
Support
- Contact support team
- Support options
Knowledgebase
Legal
- Terms of service
- Privacy policy

Just-in-time admin accounts

Enable domain JIT accounts

In this post we will explore how to enable domain JIT accounts, so that technicians can access any domain-joined workstation with on-demand domain accounts.

Overview

By default technicians access any customer workstation with local admin accounts. If you want to install idemeum desktop agent on domain controller and also leverage domain JIT accounts for your technicians, then you need to enable domain JIT accounts.

❗

When you want to use domain JIT accounts you need to install idemeum desktop agent on domain controller.

Enable domain JIT accounts

Navigate to your idemeum admin portal
Access Settings → Desktop agent
From the dropdown for Domain computers login mode choose the Domain setting from the dropdown

💡

If you are installing new desktop agents, the setting will be picked up right away. If you have existing agents, they will update the settings in within 6 hour window.

On this page