JIT accounts overview
Implement just-in-time admin accounts everywhere, stop sharing admin accounts and MFA codes, and meet compliance and cyber insurance requirements.
Overview
We built Just-in-time (JIT) Admin Accounts with the goal to help MSPs eliminate shared admin accounts, passwords, and MFA codes when accessing customer resources. Every cyber security framework requires individual secure accounts for admin access. If you need to maintain security compliance, it is a big pain - say you have 100 customers and 15 technicians, then you need to manage 1500 unique accounts, creating them, disabling, rotating passwords, and distributing credentials. Idemeum solves all these problems with just-in-time (JIT) admin accounts.
Get started
Quick-start guides
Follow product guides that we created to test idemeum platform use cases.
Nik Pot
Support matrix
| Shared account | Named account | |
|---|---|---|
| Windows local | ✅ | ✅ Local account |
| Windows domain | ✅ | ✅ Local or domain account |
| Windows Entra ID | ✅ | ✅ Local account |
| MacOS local | ✅ | ✅ Local account |
| Entra ID cloud | - | ✅ Global Entra admin |
Features overview
| Feature | Description |
|---|---|
| Passwordless MFA for technicians | Instead of looking for passwords, copy pasting credentials, and sharing MFA codes, technicians simply scan idemeum QR-code and login with biometrics. Idemeum Passwordless MFA is leveraging FIDO2 protocol for modern security. |
| Just-in-time account creation | Idemeum will automatically create indovidual admin accounts (local or domain) for your technicians, so that you do not have to do this manually. |
| Zero-standing privieldge | Idemeum will automatically enable admin accounts when they are needed, and will automatically disable them when not in use. This way you maintain highest level of security with zero-standing privilege. |
| Auto password rotation | Idemeum will rotate admin accounts passwords after each technician login. |
| Cross-platform support | Idemeum supports Windows with all flavors of accounts (domain or local admin accounts) and MacOS with local admin accounts. |
| Entra ID admin accounts | Idemeum integrates with customer Entra ID accounts to provision admin accounts when needed and disable when not in use. |
| Offline login | When the workstation is offline, technicians can login with one-time code that can be retrieved from the idemeum mobile application. |
| Audit logs | Detailed audit logs are captured and maintained in the cloud (computer log in, log off, lock and offline code access). |