Just-In-Time Access
Just-In-Time Access Explained
Just-in-Time (JIT) access in Endpoint Central's Application Control allows administrators to grant temporary, limited privileges to users for specific tasks. This reduces security risks associated with providing continuous administrative rights and allows for granular control over application access and elevation policies. With JIT access, users are granted access only when they need it, only for the specific tasks they require, and only for a limited period of time. It can also be configured to apply only to specific applications, selected by a wide range of criteria.
The Importance of Just-In-Time Access
JIT access enhances security by granting limited, temporary privileges. It effectively minimizes the potential for unauthorized access and reduces the risk of insider threats. This approach ensures that users have the access required to perform their tasks, without compromising overall security the way continuous administrative rights would. Implementing JIT access is a strategic decision that can strengthen the organization's security posture and minimize the potential for data breaches.
Configuring Just-In-Time Access
The temporary access can be provided to specific computers through the following steps:
- Log in to the Endpoint Central web console and navigate to App Ctrl -> Just in Time Access.
- Click Create to delegate a new JIT access policy.
- Provide the Name and Description for the policy.
- Provide the Computer Name for which you want to provide JIT access.
- Select the duration type: Fixed or Window. If the duration type is Fixed, provide the duration of access; if it is Window, provide the time frame for which you want to provide JIT access.
- You can also grant temporary access to specific applications or elevate user privileges. In the Access Settings, the Just In Time access for allowlisting option lets users run unmanaged applications, even in Strict Mode. If you choose All Applications, the user can access any unmanaged application. Selecting Include Blocklisted Applications allows them to use apps that are blocked. If you choose Specific applications, the user can access only the applications selected. The specific applications for application allowlisting and elevation can be added using rule types such as Vendor, Products, Verified Executable, File Hash, Store Apps, and Folder Path.
- The Just In Time Access for self-elevation option allows the user to self-elevate their privileges for all allowed applications or for specific applications.
- Click Deploy Immediately.