Featured image

Just-in-Time Privileged Accounts: Active Directory, Azure Active Directory, and Local Accounts

  • MSP Resources
  • News
  • Product Releases
  • QGuard

We are excited to introduce the general availability release of Just-in-Time (JIT) privileged access for Active Directory, Azure Active Directory, and Local Admin accounts!

JIT accounts offer a revolutionary approach to privileged access management by temporarily enabling privileged accounts on an as-needed basis. Unlike traditional shared admin accounts, JIT accounts automatically remove privileges after a specified time, rotate the account password and disable the account. This dynamic approach ensures that privileged access is only granted when necessary, effectively minimizing the window of vulnerability.

A significant advantage of JIT accounts lies in their ability to enhance security. By having a JIT account for each individual technician, you can assign specific privileges, eliminating the need for sharing highly privileged access. This approach not only fosters a clear audit log that traces and attributes access to specific individuals but also strengthens compliance with principles such as least privileges and zero standing privileges, thereby bolstering your overall security posture.

Here’s a closer look at the features and capabilities we’ve added to JIT accounts:

  1. Azure AD Just-in-time accounts: Expand the advantages of JIT to Azure Active Directory, providing the same heightened security and accountability for cloud-based privileged access. JIT accounts seamlessly integrate with passwordless login using Microsoft Authenticator.
  2. Local Admin Just-in-time accounts: Secure local admin accounts with JIT access, reducing the risk associated with these often overlooked, but critical, access points.
  3. Create and Manage JIT accounts from the web dashboard: User-friendly interface on our web application allows you to easily set up and oversee JIT accounts, ensuring a smooth implementation.
  4. Access all JIT accounts from the CyberQP desktop app: Seamlessly view and enable all JIT accounts from the CyberQP desktop app, which also supports credential injection of JIT accounts via Screenconnect integration.
  5. Administrative controls: You have the power to manage JIT access policies, limiting access to authorized technicians only. Admins also receive email alerts when new JIT accounts are created and maintain the capability to revoke JIT access or delete any JIT account.
  6. Automatic password rotation and account disablement: Similar to AD, Azure AD, and Local JIT accounts automatically disable, remove privileges, and rotate passwords upon expiration, mitigating the risk of unauthorized access, even if account details are inadvertently shared or compromised.
  7. Detailed Auditing Log: JIT accounts generate a comprehensive audit log, providing a detailed record of privileged access activities. This facilitates compliance with regulatory requirements and internal security policies, enabling easy traceability and accountability.

Just-in-Time (JIT) privileged accounts represent a significant advancement in privileged access management for MSPs. By offering enhanced security, individual accountability, and automated provisioning, JIT accounts represent a crucial step towards more robust and streamlined security for MSPs.

You can start using just-in-time accounts to secure your customer’s infrastructure. Follow these step-by-step guides on how to set up and start using JIT accounts.

We’d love to hear your feedback!

We value your feedback and look forward to hearing from you. Please feel free to share your thoughts and suggestions with us via email at [email protected]. If you have any questions or need assistance, head over to CyberQP Support, and we’ll be more than happy to assist you.