Selective JIT login

Overview

For domain-joined workstations where idemeum desktop client is installed, you can choose what account to use for technician login - domain or local. This feature is useful if you want to control on which workstations you want to expose your domain admin account.

Configuration

Navigate to your customer tenant admin dashboard
Access Settings → PAM
For Domain computers login mode choose Prompt to choose.

ℹ️

For newly installed idemeum agents the setting will be immediately applied. For existing idemeum agents it can take up to 6 hours to reflect the change.

Now when you login to workstation (scan the QR-code, send an OTP, or login with push notification) you will see a pop up that will allow you to choose the account type - local or domain.

Quick-start guides

Desktop agent

Endpoint privilege management

JIT computer accounts

JIT Entra ID accounts

Cloud LAPS

Passwordless MFA

RFID Single Sign-On

Multi-tenant MSP portal

Cloud directory

Security

Support

Knowledgebase

Legal

Selective JIT login

Overview

Configuration

On this page