Just-in-time (JIT) computer accounts

What is Zero Standing Privilege (ZST)?

Zero Standing Privilege (ZST) refers to an IT environment in which there are no persistent, always-on privileged access rights provisioned to identities and accounts - whether human or machine.

With the current mode of operation, you would create persistent admin accounts for your technicians. If a technician needs to access a workstation, you would create an admin account, if he needs to access an Entra ID tenant, you would create an Entra ID account. With technicians joining and leaving you end up having hundreds of accounts being active that significantly increase your threat exposure. 75% of security breaches are caused by mismanaged identity, access, or privileges. The more privileged accounts you have active, the more exposure you have to the risk of these accounts being compromised.

Zero Standing Privilege (ZST) model allows you to create admin accounts on-demand and disable them when not in use. The process on enabling and disabling accounts on-demand is called Just-in-time (JIT) account management.

How Elevated Access to Computers helps?

Idemeum allows you to move towards achieving Zero-Standing Privilege (ZST).

Automated admin account creation

Idemeum will automatically create named or shared admin accounts for your technicians when they first access the workstation. So, it helps with automating the process of account creation.

Automated account enable / disable

Idemeum will enable these admin accounts on demand, meaning that when these accounts are not in use, they will be automatically disabled on the workstation, thereby allowing you to achieve Zero Standing Privilege model with your technician accounts.