Just-in-Time (JIT) access allows users to elevate privileges as system administrators. So when JIT is active, the user will appear in the Administrators group.
Attention
The product operates with Just-in-Time (JIT) access taking precedence over any denylist configuration. This means that even if a user or application is on the denylist, enabling JIT will grant elevation or access as expected.
Configure JIT access
- Access the Segura platform.
- Go to the menu EPM ➔ Settings ➔ Parameters ➔ EPM Windows.
- In the JIT/Elevation methods section, check Enable JIT access? as Yes.
- Set Block elevation of privilege to No.
Enable JIT access
- Access the workstation desktop of the user.
- Start Core.
- Enable JIT by clicking the Just-In-Time button.
Info
Configure the application to record to visualize what happened during the JIT access. In Recording reports, the recording will be available. It may take 10 to 20 minutes after the end of the session to view the recording on the Segura platform.
Disable JIT access
- Access the workstation desktop of the user.
- Start Core.
- Turn off JIT by clicking the Just-In-Time button.
Manage system administrators
To confirm that the user has been added or removed from the System Administrators group, follow the steps:
- Access the workstation desktop of the user.
- Go to Computer Management ➔ Local Group Users ➔ Groups ➔ Administrators.
- View if the user is part of the admin user group.