How to configure a JIT credential in senhasegura

2 minutes to read

Print
Share
Dark
Light
PDF

Article Summary

Share feedback

Thanks for sharing your feedback!

The senhasegura platform offers the possibility of using Just-In-Time (JIT) credentials. This configuration manages the use time of services, such as when an account is created or activated or needs specific permissions added during a period to perform actions.

Info

Be aware that after this access, the account is deleted, inactivated, or removed.

JIT access configuration is done when you register or edit a credential. If you are registering a credential, access the documentation on How to configure a credential in senhasegura. In case you are editing a credential, follow the steps below:

At the senhasegura platform, in the top left corner, click on Grid Menu, represented by the nine squares, and select PAM Core.
In the side menu, select Credentials > All.
In the list of credentials, locate the credential you want to edit and in the Action column, click on the three vertical dots icon and select the Edit option from the drop-down menu.

Info

Before registering a JIT-type credential, you must first configure the creation/deletion and enable/disable templates for the systems the credentials will use. These templates will be configured in the credentials and then used when the proxy session is initialized. For more information on configuring execution templates, access the Templates documentation.

The user can't register plugins.

In both modes, the Credential form will open. In the form, go to the JIT Settings tab and fill in the following fields:

Just In Time settings: select the Enabled field**.**
In the Just In Time Type drop-down menu, select one of the two options:
1. Enable/Disable: the JIT credential will be created when the Proxy session is requested to be initialized and will be deleted when the session ends. The creation and removal of a JIT credential is a previously defined privilege that makes it possible to create a credential for a specified period, which will be automatically deleted after that period.
2. Creation and deletion: the JIT credential will be activated when it requests the initialization of the Proxy session and will be inactivated at the end of the session.
In the Authentication settings section, check the Use own credential to connect option if you want to use the credential in question to connect. If not, uncheck the option and enter a credential for authentication in the Authentication credential drop-down menu.

According to the Type of Just In Time you have chosen, one of the two sections will be enabled.

In case you selected Enable/Disable credential, fill in the following fields:

In the Credential enable plugin drop-down menu, select one of the registered plugins.
In the Credential enable template drop-down menu, select one of the registered templates.
In the Credential disable plugin drop-down menu, select one of the registered plugins.
In the Credential disable template drop-down menu, select one of the registered templates.

In case you selected Enable/Disable the credential, fill in the following fields:

In the Credential creation plugin drop-down menu, select one of the registered plugins.
In the Credential creation template drop-down menu, select one of the registered templates.
In the Credential deletion plugin drop-down menu, select one of the registered plugins.
In the Credential deletion template drop-down menu, select one of the registered templates.

Click the Save button.

Do you still have questions? Reach out to the senhasegura Community.

Was this article helpful?

What's Next

How to connect using a JIT credential