Just-in-Time Access (JIT)

Enterprises with a large number of devices, users, and applications usually have multiple policies running concurrently. Administrators managing these endpoints often face unprecedented situations that those policies don't cover; in cases like these, a contingency solution is crucial to minimize the loss of productivity.

Additionally, scenarios arise where specific user requirements last only for a particular period of time. Creating permanent policies for these temporary needs is not only inefficient; it can also lead to privilege creep across the network.

How does Just-in-Time access work?

Application Control Plus enables administrators to create policies that determine which users are authorized to access applications. The privileges with which they run these applications can also be managed using the Endpoint Privilege Management feature. Users with temporary requirements for these abilities can be granted on-demand access for specific time periods, just enough to satisfy their needs.

Just In Time Access

  • Access to all applications

    Policies deployed in Strict Mode allow users to access only the applications allowlisted for them. All blocklisted and unmanaged applications remain blocked in this mode. By enabling just-in-time access to all applications, users with short-term needs for these unmanaged applications can be allowed access to them. The authorized duration of access can also be specified while creating the just-in-time access policy, ensuring unnecessary permissions are revoked once the requirements are fulfilled.

  • Self-elevation of privileges

    End-user device groups can be given just-in-time privileged access to all applications allowed to them by enabling this mode. Once the just-in-time access policy is deployed, users will be allowed to self-elevate their privileges to all applications for the time limit specified.
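The two modes above, sketched as a small decision model. This is an added example, not Application Control Plus code or its API; every name in it is hypothetical. It assumes that blocklisted applications stay blocked during a grant (the page mentions only unmanaged applications) and that a refused elevation request still lets an allowlisted application run with standard rights.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class JitGrant:
    mode: str              # "all_apps" or "self_elevate" (hypothetical labels)
    start: datetime
    duration: timedelta

    def active(self, now: datetime) -> bool:
        # Half-open window: the grant is already revoked at start + duration.
        return self.start <= now < self.start + self.duration

@dataclass
class StrictPolicy:
    allowlist: set
    blocklist: set
    grant: Optional[JitGrant] = None

    def decide(self, app: str, now: datetime, want_admin: bool = False):
        """Return (may_run, runs_elevated) for one launch attempt."""
        jit = self.grant is not None and self.grant.active(now)
        if app in self.blocklist:
            return (False, False)          # assumption: JIT never unblocks these
        if app in self.allowlist:
            elevated = want_admin and jit and self.grant.mode == "self_elevate"
            return (True, elevated)
        # Unmanaged application: blocked in Strict Mode unless an
        # "access to all applications" grant is currently active.
        return (jit and self.grant.mode == "all_apps", False)

# Constructed sample data: one allowlisted, one blocklisted, one unmanaged app.
T0 = datetime(2024, 1, 1, 9, 0)
ALLOW, BLOCK = {"editor.exe"}, {"p2p.exe"}

def demo():
    all_apps = StrictPolicy(ALLOW, BLOCK, JitGrant("all_apps", T0, timedelta(hours=2)))
    elevate = StrictPolicy(ALLOW, BLOCK, JitGrant("self_elevate", T0, timedelta(hours=1)))
    return {
        "unmanaged_in_window": all_apps.decide("diagtool.exe", T0 + timedelta(hours=1)),
        "unmanaged_at_expiry": all_apps.decide("diagtool.exe", T0 + timedelta(hours=2)),
        "blocklisted_in_window": all_apps.decide("p2p.exe", T0 + timedelta(hours=1)),
        "elevate_in_window": elevate.decide("editor.exe", T0 + timedelta(minutes=30), True),
        "elevate_after_expiry": elevate.decide("editor.exe", T0 + timedelta(hours=3), True),
    }
```

Evaluating the window on every launch, rather than relying on a scheduled cleanup job, is what makes revocation automatic in this model: an expired grant simply stops matching.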

Why do organizations need Just-in-Time access control?

Just-in-time access is designed to combat both of these issues simultaneously by giving users on-demand access and privileges to run applications. In order to ensure maximum security, these just-in-time rights are automatically revoked once the user's requirements are satisfied.

Let's look at a few instances when an organization would require the just-in-time access feature:

  • Facilitate collaboration

    If you have associated allowlists with user devices based on their roles, users will have access only to the applications required to fulfill their job requirements. In the event of a collaboration between employees of different job roles, they might need to jointly access applications that extend beyond their normal needs. Just-in-Time access (JIT) to all applications can be enabled for such user devices, enabling them to collaborate efficiently for the time period that is required.

  • Endpoint maintenance

    External technicians who are called in to maintain or fix issues with computers and servers will require access or elevated privileges to applications in some scenarios. Instead of sharing privileged credentials or giving them access to admin accounts, Just-in-Time access (JIT) can be used to elevate application-level privileges alone for the required time duration. This allows technicians to securely run applications as administrators even from standard accounts with minimum privileges.

  • Manage contract or freelance employees

    Avoid including contract or freelance employees in permanent policies. Create just-in-time access (JIT) policies specific to these user devices to streamline their management. The access duration can be set to end as soon as their contract expires.

Just-in-Time access lets you stay both productive and secure

  • Establishing the principle of least privilege

    The principle of least privilege refers to the concept of lowering enterprise-wide privileges to the bare minimum required to perform an entity's job. Even though this principle is widely advocated, enterprises shy away from establishing it due to the complexities involved. Application Control Plus' just-in-time access feature provides just the right amount of leeway required while establishing such principles, making implementation a breeze for enterprises.

  • Prevent productivity loss

    Unprecedented needs tend to require immediate attention, but creating new policies to fit temporary needs can be cumbersome and time-consuming. Just-in-Time access lets administrators cater instantly to their users' needs, without causing any drops in productivity.

Packed with features like Application Allowlisting, Application Blocklisting, Endpoint Privilege Management and Flexibility Regulator, Application Control Plus is a comprehensive solution that helps to improve both productivity and security. Try free for 30 days!


Common Queries

What is Just-in-Time (JIT) Access?

When just-in-time access is enabled, privileges are elevated temporarily only for the duration specified, after which they are automatically revoked.


Why is Just-in-Time (JIT) access control important?

The success of implementing the principle of least privilege depends largely on how prepared organizations are to handle interim needs. It is essential to use both features, Endpoint Privilege Management and Just-in-Time access control, in concert to ensure seamless implementation and functioning.