How JIT computer access works

Just-in-time login for MSPs

See how you can eliminate shared credentials when accessing customer workstations and servers
Just-in-time Admin Access (JIT) eliminates shared credentials and standing privileges when accessing Windows and macOS workstations and servers. Idemeum automatically generates unique named admin accounts for your technicians, enables these accounts only for the duration of the session, and rotates passwords automatically after every login. Every login is protected with passwordless, FIDO2-compliant MFA, and every session is tracked in the audit trail.

Every cyber security framework requires individual secure accounts for admin access. Maintaining that compliance by hand is a big pain: with 100 customers and 15 technicians, you need to manage 1500 unique accounts, which means creating them, disabling them, rotating passwords, and distributing credentials. Idemeum solves all these problems with the JIT Admin Access product.

JIT for computers primary features

Instead of looking for passwords, copy-pasting credentials, and sharing MFA codes, technicians simply scan a login QR code with the idemeum mobile app and log in with biometrics.
Every login is multi-factor and based on the secure FIDO2 protocol, which uses certificates and biometrics.
Idemeum automatically enables admin accounts when they are needed and automatically disables them when they are not in use. This way you maintain the highest level of security with zero standing privilege.
Idemeum rotates admin account passwords after each technician login, and rotates passwords daily for break-glass accounts.
Detailed audit logs are captured and maintained in the cloud (computer log in, log off, lock and offline code access).
When the workstation is offline, technicians can log in with one-time codes retrieved from the idemeum mobile application.
Flexible configuration lets you choose between shared and individual accounts, and between domain and local accounts in domain environments. You can set up various login methods, branding options, the OU for domain account creation, and more.