> ## Documentation Index
> Fetch the complete documentation index at: https://docs.idemeum.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure JIT for computers

> Configure how you want JIT computer access to work.

## JIT for computers settings

Navigate to `Settings` → `JIT access` to configure how you want JIT accounts to be managed for your customer / organization.

<img src="https://mintcdn.com/idemeum/CvuE9dn848QPFOaI/images/IMG_1376.png?fit=max&auto=format&n=CvuE9dn848QPFOaI&q=85&s=d6140202e9f13b00b3bc71b4b9905480" alt="IMG 1376" width="1600" height="1309" data-path="images/IMG_1376.png" />

<ParamField path="Technician login mode" type="individual | shared">
  Choose how you want technicians to login into workstations - with `individual accounts` or one `shared account` per organization / customer tenant. Default is individual accounts as that is required by security frameworks.
</ParamField>

<ParamField path="Domain computers login mode" type="local | domain | prompt to choose">
  Choose how technicians login to domain computers. By default local admin account is used.

  * `Local` - create local admin account on the workstation
  * `Domain` - create domain account on DC. For this case you need to install idemeum agent on domain controller
  * `Prompt to choose` - when you scan idemeum QR-code you will be presented with option to choose what account to use - domain or local. For this option you need to install idemeum agent on domain controller.
</ParamField>

<ParamField path="Choose OU for JIT domain accounts" type="OU string">
  For domain JIT computer accounts you can choose the Organization Unit (OU) container where these accounts will be created.

  * The default location for each tenant is `<your domain>/Users`
  * You can choose to create any OU or a set of nested OUs for your JIT accounts, i.e `<your domain>/JIT accounts` or `<your domain>/JIT/MSP accounts` etc. You just need to specify the path.
  * If OU path does not exist, idemeum will create the corresponding OU containers.
  * The nested containers under `Users` are NOT supported. For instance, `<your domain>/Users/JIT accounts` is not supported
  * If you used the `path 1` for your JIT accounts and they were already created, and then you change the path to `path 2`, next time when JIT login is performed, JIT account will be moved to the new location
</ParamField>

<ParamField path="Account password length" type="12 | 16 | 24">
  Chose the password length for created JIT admin accounts.
</ParamField>

<ParamField path="Enable login via TOTP" type="on | off">
  By default technicians login by scanning a QR-code with idemeum mobile app. You can also provide on option to login with OTP even when computer is not offline. Technicians retrieve the OTP from mobile app and enter it into the login screen.
</ParamField>

<ParamField path="Enable push notifications for login" type="on | off">
  Enable the option to send a push notification to a mobile app instead of scanning a login QR-code. Technicians enter their email address and then approve a notification on their mobile app.
</ParamField>