Skip to main content

Elevated Access to Entra ID

Just-in-time (JIT) Entra ID accounts

Idemeum helps MSPs achieve Zero-Standing Privilege by automatically enabling and disabling Entra ID accounts for the duration of the session when technicians need them.

What is Zero Standing Privilege (ZST)?

Zero Standing Privilege (ZST) refers to an IT environment in which there are no persistent, always-on privileged access rights provisioned to identities and accounts - whether human or machine.

With the current mode of operation, you would create persistent admin accounts for your technicians. If a technician needs to access a workstation, you would create an admin account, if he needs to access an Entra ID tenant, you would create an Entra ID account. With technicians joining and leaving you end up having hundreds of accounts being active that significantly increase your threat exposure. 75% of security breaches are caused by mismanaged identity, access, or privileges. The more privileged accounts you have active, the more exposure you have to the risk of these accounts being compromised.

Zero Standing Privilege (ZST) model allows you to create admin accounts on-demand and disable them when not in use. The process on enabling and disabling accounts on-demand is called Just-in-time (JIT) account management.

How Elevated Access to Entra ID helps?

  • With idemeum Elevated Access to Entra ID you no longer need to manually create Entra accounts for your technicians. When a new person is onboarded with a mobile device and requests an account, idemeum will automatically create it.
  • What is more, idemeum will only enable the account for a specified period of time, and will disable it when not in use. This way, at any given point in time there are no active admin accounts that are not needed. This way idemeum allows you to follow ZST model as it relates to Entra ID admin accounts for technicians.