TKM Teknologi


PAM Feature — Just-in-Time Privilege Access
PAM Feature 07

On-demand, time-bound privileged access — grants elevated permissions only when necessary and for a limited duration, reducing security risks, enforcing least privilege, and strengthening compliance across critical systems

Just-in-Time (JIT) Access is a modern cybersecurity strategy designed to deliver elevated privileges only when they are needed — and only for a limited duration. Unlike traditional models that rely on persistent, “always-on” privileged accounts, JIT ensures that access is temporary, purpose-driven, and tightly controlled. This proactive approach dramatically reduces the attack surface, safeguarding organizations against advanced threats such as ransomware, where adversaries often target privileged credentials to compromise critical systems and data.

By eliminating standing privileges, JIT mitigates risks like privilege escalation and lateral movement across networks. It enforces rigorous access governance rooted in the principles of Least Privilege and Zero Trust, ensuring that no user — human or machine — receives access without proper validation. Under this model, permissions are granted only at the minimum level required, and only after verification, reinforcing a culture of security-first operations.

Organizations can adopt JIT Access through multiple deployment models: request-based access, where users justify and obtain approval before temporary elevation; ephemeral accounts, which are created for specific tasks and automatically retired after use; and time-bound privilege elevation, where existing accounts are granted higher permissions for a defined period before reverting to baseline. Each method delivers agility without compromising control, empowering enterprises to balance productivity with uncompromising security.

JIT Policy Configuration Models

The following are three available Just-In-Time (JIT) policy configuration models designed to provide flexible, secure, and controlled privileged access management:

⏸ Enable / Disable

Accounts on the target server remain in a disabled state by default. When a session is initiated, the account is automatically enabled, allowing seamless access and successful session establishment. Upon termination, the account is promptly reverted to its disabled state — ensuring that privileged credentials are never left exposed and reinforcing a secure, controlled access environment.

⚡ Provision / De-provision

Accounts are provisioned on both the PAM system and the corresponding target servers to ensure consistent identity management and access control. When these accounts are no longer required, they can be centrally de-provisioned from the PAM platform, enabling immediate and synchronized removal across all associated target systems. This approach ensures efficient lifecycle management, reduces administrative overhead, and maintains strict security governance.

🔼 Access Based Elevation

The account is temporarily elevated to a higher privilege level strictly for the duration of the active session. Upon session termination, the account’s privileges are automatically reverted to their original state, ensuring controlled and time-bound privilege escalation in alignment with security best practices.
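A reconciliation check for the Enable / Disable and Access Based Elevation models: it reads exported account-state and session events and reports every window in which an account stayed enabled or elevated with no active session. This is an added example, not code from the product; the log format, event names, account names and the 60-second grace period are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample log; the line format and event names are assumptions:
# "<UTC timestamp> <account> <EVENT>"
SAMPLE_LOG = """\
2024-05-01T09:00:00Z adm-db01 ENABLED
2024-05-01T09:00:05Z adm-db01 SESSION_START
2024-05-01T09:30:00Z adm-db01 SESSION_END
2024-05-01T09:30:02Z adm-db01 DISABLED
2024-05-01T10:00:00Z adm-web02 ELEVATED
2024-05-01T10:00:03Z adm-web02 SESSION_START
2024-05-01T10:20:00Z adm-web02 SESSION_END
2024-05-01T11:05:00Z adm-web02 REVERTED
2024-05-01T12:00:00Z adm-app03 ENABLED
"""
PRIVILEGED = {"ENABLED": True, "ELEVATED": True, "DISABLED": False, "REVERTED": False}
SESSION_DELTA = {"SESSION_START": 1, "SESSION_END": -1}
GRACE = timedelta(seconds=60)  # tolerated lag between a session edge and the state change


def parse(log):
    """Turn log text into time-ordered (timestamp, account, event) tuples."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), acct, ev)
                  for ts, acct, ev in rows)


def find_standing_privilege(log, now, grace=GRACE):
    """Return (account, start, end, still_open) for every window longer than
    `grace` in which an account was enabled or elevated with no active session."""
    state = {}  # account -> [privileged?, open session count, exposure start]
    findings = []
    for ts, account, event in parse(log):
        s = state.setdefault(account, [False, 0, None])
        s[0] = PRIVILEGED.get(event, s[0])
        s[1] = max(0, s[1] + SESSION_DELTA.get(event, 0))
        exposed = s[0] and s[1] == 0
        if exposed and s[2] is None:
            s[2] = ts  # privilege is live but nobody is using it
        elif not exposed and s[2] is not None:
            if ts - s[2] > grace:
                findings.append((account, s[2], ts, False))
            s[2] = None
    for account, s in sorted(state.items()):
        if s[2] is not None and now - s[2] > grace:  # never reverted
            findings.append((account, s[2], now, True))
    return findings
```

On the sample log, adm-db01 reverts within the grace period and is not reported, adm-web02 is reported for the 45 minutes it stayed elevated after its session ended, and adm-app03 is reported as still open because it was enabled without any session.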

Configure Just-In-Time
  1. Select PAM from the product navigator → Policies → in the General menu select Just In Time from the sidebar.
  2. Click the + Add Just In Time icon and fill in the form, including the Policy Name and description.
  3. Choose one of the three available JIT policy configuration models (Enable/Disable, Provision/De-provision, or Access Based Elevation).
  4. Add Asset Type, the accounts it applies to, respective roles, and Active/Inactive status.
  5. Click on Save.