
How RDP JIT login works

RDP with JIT accounts works between domain-joined workstations. Make sure the idemeum agent is installed on the domain controller and on both the source and the destination Windows workstation.

RDP access with JIT accounts

Quick demo of how to RDP with JIT accounts.
When the idemeum desktop agent is installed on domain-joined workstations, technicians can RDP from one machine to another without using any passwords: they simply scan the QR code and approve with biometrics. Just-in-time accounts are used behind the scenes; they are enabled and disabled on demand, and their passwords are rotated after each login.

RDP JIT prerequisites

  • Supported on domain-joined workstations only
  • Desktop agent installed on source and target machine
  • Domain account login enabled for the customer tenant
  • Domain controller is reachable from the RDP source workstation
  • Agent is installed on domain controller
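The prerequisites above that can be verified locally (domain membership, agent present, domain controller reachable, target reachable on RDP) are checked by this added PowerShell pre-flight script; it is example code, not idemeum's own tooling. The agent service name and the target hostname are placeholders: the real service name is not documented on this page, so substitute the one from your agent installation.

```powershell
# Added example (not idemeum's own code): pre-flight check for the RDP JIT
# prerequisites listed above, run in PowerShell on the SOURCE workstation.
# The agent service name is an ASSUMPTION (placeholder); replace it with the
# service name the idemeum agent installer registers on your machines.
param(
    [string]$AgentServiceName = 'IDEMEUM_AGENT_SERVICE_PLACEHOLDER',
    [string]$TargetHost = 'target-ws.example.local'   # constructed sample target
)

$results = [ordered]@{}

# 1. Supported on domain-joined workstations only
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$results['DomainJoined'] = [bool]$cs.PartOfDomain

# 2. Desktop agent installed and running on this (source) machine
$svc = Get-Service -Name $AgentServiceName -ErrorAction SilentlyContinue
$results['AgentRunning'] = ($null -ne $svc -and $svc.Status -eq 'Running')

# 3. Domain controller reachable: Kerberos (88) and LDAP (389) to the logon DC
#    ($env:LOGONSERVER has the form \\DC01, so strip the leading backslashes)
$dc = $env:LOGONSERVER.TrimStart('\')
$results['DcKerberos'] = (Test-NetConnection -ComputerName $dc -Port 88  -InformationLevel Quiet)
$results['DcLdap']     = (Test-NetConnection -ComputerName $dc -Port 389 -InformationLevel Quiet)

# 4. Target workstation reachable on RDP (3389)
$results['TargetRdp'] = (Test-NetConnection -ComputerName $TargetHost -Port 3389 -InformationLevel Quiet)

# Print one line per check and exit non-zero if anything is missing
$results.GetEnumerator() | ForEach-Object {
    '{0,-12} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
if ($results.Values -contains $false) { exit 1 }
```

Two prerequisites cannot be checked from the source workstation alone: whether the agent is installed on the domain controller (query `Get-Service` on the DC with administrative rights) and whether domain account login is enabled for the tenant, which is an idemeum tenant setting rather than a property of the workstation.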

How to RDP with JIT account

  • Log in to the source domain-joined workstation
  • Open the Windows Remote Desktop Client and connect to the target domain-joined machine
  • You will then be prompted to authenticate. Click More options, then select the idemeum credential provider to scan the QR code.
  • You can enlarge the QR code to make it easier to scan by clicking Click here to expand QR code
  • Scan the QR code with the idemeum mobile application and approve with biometrics
  • You will be logged in to the target workstation
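The page states that JIT accounts are enabled and disabled on demand and that their passwords are rotated after each login. On a Windows domain controller that lifecycle shows up in the Security log as event 4722 (account enabled), 4724 (password reset) and 4725 (account disabled), so an administrator can confirm it happened and catch a JIT account that was enabled but never disabled. The added script below is example code, not idemeum's own, and assumes a naming pattern for the JIT accounts (placeholder, since the page does not document one) and that account-management auditing is enabled on the DC.

```powershell
# Added example (not idemeum's own code): audit the JIT account lifecycle on the
# domain controller from the Security log. Run on the DC, or pass -ComputerName.
# The account-name pattern is an ASSUMPTION (placeholder); idemeum's JIT account
# naming convention is not documented on this page.
param(
    [string]$JitAccountPattern = 'PLACEHOLDER-JIT-*',
    [int]$Hours = 24,
    [string]$ComputerName = $env:COMPUTERNAME
)

$since  = (Get-Date).AddHours(-$Hours)
# 4722 = account enabled, 4724 = password reset, 4725 = account disabled
$filter = @{ LogName = 'Security'; Id = 4722, 4724, 4725; StartTime = $since }

$events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop |
    ForEach-Object {
        # Pull named fields out of the event XML: TargetUserName is the account
        # acted upon, SubjectUserName is the principal that performed the action
        $x    = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Id      = $_.Id
            Account = $data['TargetUserName']
            Actor   = $data['SubjectUserName']
        }
    } |
    Where-Object { $_.Account -like $JitAccountPattern }

# One row per JIT account. StillEnabled compares enable and disable counts in
# the window, so an account enabled more often than it was disabled is flagged;
# that is the condition a just-in-time scheme should never leave behind.
$events | Group-Object Account | ForEach-Object {
    $ids = @($_.Group.Id)
    $enabled  = @($ids | Where-Object { $_ -eq 4722 }).Count
    $disabled = @($ids | Where-Object { $_ -eq 4725 }).Count
    [pscustomobject]@{
        Account      = $_.Name
        Enabled      = $enabled
        PwdResets    = @($ids | Where-Object { $_ -eq 4724 }).Count
        Disabled     = $disabled
        StillEnabled = ($enabled -gt $disabled)
        LastActor    = ($_.Group | Sort-Object Time | Select-Object -Last 1).Actor
    }
} | Format-Table -AutoSize
```

Because the comparison is bounded by the `-Hours` window, an account enabled just before the window opened and disabled inside it will show more disables than enables; widen the window or cross-check with `Get-ADUser -Properties Enabled` if the counts look inconsistent.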