Skip to main content

📁 JIT Admin Access

Overview (JIT)

Eliminate shared credentials when accessing Windows, macOS, and M365 tenants.

Overview

Just-in-time Admin Access (JIT) is all about eliminating shared credentials and standing privileges when accessing Windows, macOS, or M365 tenants. Idemeum will automatically generate unique named admin accounts for your technicians, enable these accounts only for the duration of the session, and rotate passwords automatically after every login. Every login is protected with Passwordless FIDO2 compliant MFA, and every session is tracked in the audit trail.

Every cyber security framework requires individual secure accounts for admin access. If you need to maintain security compliance, it is a big pain - say you have 100 customers and 15 technicians, then you need to manage 1500 unique accounts, creating them, disabling, rotating passwords, and distributing credentials. Idemeum solves all these problems with JIT Admin Access product.

Supported platforms

  • Windows 10, 11, Server 2016 and later
  • macOS 14 and later

Features

  • JIT computer access - eliminate shared credentials and replace them with individual on-demand accounts when accessing computers and servers.
  • JIT computer elevation - when standard user is logged into the computer and you need to elevate that user to help with troubleshooting, you can simply scan the QR-code and approve with biometrics performing on-demand user elevation.
  • JIT Entra ID access - eliminate shared credentials and replace then with individual on-demand accounts when accessing Microsoft Entra ID tenants.
  • Cloud LAPS - store break-glass computer and Entra ID accounts with idemeum zero-knowledge cloud vault and enable automatic password rotation.
  • Passwordless MFA - instead of looking for passwords, copy pasting credentials, and sharing MFA codes, technicians simply scan login QR-code with idemeum mobile app and login with biometrics.
  • Zero-standing privilege - idemeum will automatically enable admin accounts when they are needed, and will automatically disable them when not in use. This way you maintain highest level of security with zero-standing privilege.
  • Auto password rotation - idemeum will rotate admin accounts passwords after each technician login, or daily rotate passwords for break-glass accounts.
  • Access control - define who can access what organizations, can login into what workstations with JIT accounts, and view LAPS credentials.
  • Auditing - detailed audit logs are captured and maintained in the cloud (computer log in, log off, lock and offline code access).
  • Offline access - when the workstation is offline, technicians can login with one-time codes that can be retrieved from the idemeum mobile application.
  • Login modes - very flexible configurations to choose if you want to use shared / individual accounts, or domain / local accounts with domain environments.