JIT Computer Access

Supported features

Here is what is supported today for JIT computer accounts.

Operating systems

| Operating system | Versions |
|---|---|
| Windows | 10, 11, IoT |
| macOS | 14 Sonoma |

Current features

| Feature | Description |
|---|---|
| Passwordless MFA for technicians | Instead of looking for passwords, copy-pasting credentials, and sharing MFA codes, technicians simply scan the idemeum QR code and log in with biometrics. Idemeum Passwordless MFA uses the FIDO2 protocol for modern security. |
| Just-in-time account creation | Idemeum automatically creates individual admin accounts (local or domain) for your technicians, so that you do not have to do this manually. |
| Zero-standing privilege | Idemeum automatically enables admin accounts when they are needed and automatically disables them when they are not in use. This way you maintain the highest level of security with zero-standing privilege. |
| Auto password rotation | Idemeum rotates admin account passwords after each technician login. |
| Cross-platform support | Idemeum supports Windows with all flavors of accounts (domain or local admin accounts) and macOS with local admin accounts. |
| Offline login | When the workstation is offline, technicians can log in with a one-time code that can be retrieved from the idemeum mobile application. |
| Audit logs | Detailed audit logs are captured and maintained in the cloud (computer log in, log off, lock and offline code access). |
| Various login options | Technicians can use various login options to access computers: scan a QR code, send a notification, or enter an OTP code. |
| Domain or local accounts | You can configure which accounts you want to use for your Windows computers: local or domain admin accounts. |
| Named or shared accounts | You can configure which account type you want to use: one shared account for all technicians, or an individual named account for each technician. |
| Selective JIT login | Choose on the fly, for each workstation, which account you want to use for login: domain or local. |

JIT for Windows computers

We cover all flavors of Windows and accounts, and you can configure how login behaves for each of your customer tenants.

| | Named domain account | Named local account | Shared local account |
|---|---|---|---|
| Domain Windows | yes | yes | yes |
| Local Windows | - | yes | yes |
| Entra Windows | - | yes | yes |

JIT for macOS computers

| | Named domain account | Named local account | Shared local account |
|---|---|---|---|
| Local macOS | - | yes | - |