JIT for computers settings

Navigate to Settings > JIT access to configure how you want JIT accounts to be managed for your customer / organization.
Technician login mode
individual | shared
Choose how you want technicians to log in to workstations: with individual accounts or with one shared account per organization / customer tenant. The default is individual accounts, as that is what security frameworks require.
Domain computers login mode
local | domain | prompt to choose
Choose how technicians log in to domain computers. By default a local admin account is used.
  • Local - create a local admin account on the workstation
  • Domain - create a domain account on the DC. For this option you need to install the idemeum agent on the domain controller
  • Prompt to choose - when you scan the idemeum QR-code you are presented with the option to choose which account to use, domain or local. For this option you need to install the idemeum agent on the domain controller.
Choose OU for JIT domain accounts
OU string
For domain JIT computer accounts you can choose the Organizational Unit (OU) container where these accounts will be created.
  • The default location for each tenant is <your domain>/Users
  • You can create any OU or a set of nested OUs for your JIT accounts, e.g. <your domain>/JIT accounts or <your domain>/JIT/MSP accounts. You only need to specify the path.
  • If the OU path does not exist, idemeum creates the corresponding OU containers.
  • Nested containers under Users are NOT supported. For instance, <your domain>/Users/JIT accounts is not supported.
  • If you used path 1 for your JIT accounts and they were already created, and you then change the setting to path 2, the JIT account is moved to the new location the next time a JIT login is performed.
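As an added example (not idemeum's own code), the following Python translates the slash-separated OU path notation described above into an LDAP distinguished name and enforces the documented rules: Users is the default built-in container, nested OUs are allowed, and anything nested under Users is rejected. The domain `corp.example.com` in the comments and the function names are assumptions.

```python
# Added example (not idemeum's code): parse "<domain>/OU1/OU2" paths as used
# in the JIT settings and produce the DNs an AD administrator would expect.

def _escape_rdn(value: str) -> str:
    """Escape characters that are special in an RDN value (RFC 4514)."""
    s = "".join("\\" + ch if ch in ',+"\\<>;=' else ch for ch in value)
    if s[:1] in ("#", " "):          # leading '#' or space must be escaped
        s = "\\" + s
    if s.endswith(" "):              # so must a trailing space
        s = s[:-1] + "\\ "
    return s

def parse_ou_path(path: str):
    """Split '<domain>/OU1/OU2' into (domain, [OU1, OU2]) and validate it."""
    parts = [p.strip() for p in path.strip().strip("/").split("/")]
    if not parts[0] or "." not in parts[0]:
        raise ValueError(f"path must start with a DNS domain name: {path!r}")
    domain, containers = parts[0], parts[1:]
    if any(not c for c in containers):
        raise ValueError(f"empty OU component in {path!r}")
    # Documented limitation: containers nested under Users are not supported.
    if len(containers) > 1 and containers[0].lower() == "users":
        raise ValueError(f"OUs nested under Users are not supported: {path!r}")
    return domain, containers

def _base_dn(domain: str) -> str:
    return ",".join("DC=" + _escape_rdn(label) for label in domain.split("."))

def ou_path_to_dn(path: str) -> str:
    """DN of the container JIT accounts are created in for this path.
    A bare domain is treated as the documented default, <domain>/Users
    (assumption). Users is a built-in container, hence CN= rather than OU=."""
    domain, containers = parse_ou_path(path)
    if not containers or (len(containers) == 1 and containers[0].lower() == "users"):
        return "CN=Users," + _base_dn(domain)
    rdns = ["OU=" + _escape_rdn(c) for c in reversed(containers)]
    return ",".join(rdns) + "," + _base_dn(domain)

def ous_to_create(path: str) -> list:
    """DNs of the OUs along the path, parent first, so a caller can create
    any that do not exist yet in the right order. Empty for the built-in
    Users container, which always exists."""
    domain, containers = parse_ou_path(path)
    if not containers or (len(containers) == 1 and containers[0].lower() == "users"):
        return []
    dns, prefix = [], _base_dn(domain)
    for c in containers:
        prefix = "OU=" + _escape_rdn(c) + "," + prefix
        dns.append(prefix)
    return dns

def is_supported_ou_path(path: str) -> bool:
    """True if the path passes the documented rules, False otherwise."""
    try:
        parse_ou_path(path)
        return True
    except ValueError:
        return False
```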
Account password length
12 | 16 | 24
Choose the password length for created JIT admin accounts.
Enable login via TOTP
on | off
By default technicians log in by scanning a QR-code with the idemeum mobile app. You can also provide an option to log in with an OTP even when the computer is not offline. Technicians retrieve the OTP from the mobile app and enter it into the login screen.
Enable push notifications for login
on | off
Enable the option to send a push notification to the mobile app instead of scanning a login QR-code. Technicians enter their email address and then approve the notification in their mobile app.