Skip to main content

Just-in-time admin accounts

JIT accounts overview

Implement just-in-time admin accounts everywhere, stop sharing admin accounts and MFA codes, and meet compliance and cyber insurance requirements.


We built Just-in-time (JIT) Admin Accounts with the goal to help MSPs eliminate shared admin accounts, passwords, and MFA codes when accessing customer resources. Every cyber security framework requires individual secure accounts for admin access. If you need to maintain security compliance, it is a big pain - say you have 100 customers and 15 technicians, then you need to manage 1500 unique accounts, creating them, disabling, rotating passwords, and distributing credentials. Idemeum solves all these problems with just-in-time (JIT) admin accounts.

Get started

Quick-start guides
Follow product guides that we created to test idemeum platform use cases.

Support matrix

Shared account Named account
Windows local
Local account
Windows domain
Local or domain account
Windows Entra ID
Local account
MacOS local
Local account
Entra ID cloud -
Global Entra admin

Features overview

Feature Description
Passwordless MFA for technicians Instead of looking for passwords, copy pasting credentials, and sharing MFA codes, technicians simply scan idemeum QR-code and login with biometrics. Idemeum Passwordless MFA is leveraging FIDO2 protocol for modern security.
Just-in-time account creation Idemeum will automatically create indovidual admin accounts (local or domain) for your technicians, so that you do not have to do this manually.
Zero-standing privieldge Idemeum will automatically enable admin accounts when they are needed, and will automatically disable them when not in use. This way you maintain highest level of security with zero-standing privilege.
Auto password rotation Idemeum will rotate admin accounts passwords after each technician login.
Cross-platform support Idemeum supports Windows with all flavors of accounts (domain or local admin accounts) and MacOS with local admin accounts.
Entra ID admin accounts Idemeum integrates with customer Entra ID accounts to provision admin accounts when needed and disable when not in use.
Offline login When the workstation is offline, technicians can login with one-time code that can be retrieved from the idemeum mobile application.
Audit logs Detailed audit logs are captured and maintained in the cloud (computer log in, log off, lock and offline code access).