Just-in-time (JIT) provisioning creates temporary accounts that are active only for the duration of a task or session. At checkout, the system generates an account with the necessary permissions, which is automatically removed upon check-in.
This guide explains how to configure JIT provisioning to create temporary accounts.
In Administration – Privileged Access – Providers, select your PAM Provider and click Edit.
Go to the JIT privilege elevation and locate Advanced.
Enter the path in the correct format for your Active Directory (e.g., OU=JITAccounts,DC=example,DC=com) under JIT Account creation location.
Save your changes.
Go to your PAM Vault and click Add new entry.
Select (PAM) – Domain user.
Fill in Name and Username.
Select your Provider in the drop-down menu.
Check the Just-in-Time (JIT) account checkbox.
Click Add to save the entry.
When you check out the account, the system automatically creates it in Active Directory. It remains active for the duration of the checkout period, and upon check-in, the account is immediately deleted from Active Directory.
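To confirm that check-in really removes the accounts, you can audit the JIT account creation location for users that have outlived any possible checkout. The script below is an added example, not part of the product or its documentation; it uses the sample OU path from this guide, and the $MaxCheckoutHours value and the Get-StaleJitAccount function name are assumptions to adapt to your own checkout policy.

```powershell
# Added example: find accounts in the JIT OU that were not deleted at check-in.
# Assumptions: $JitOu is the sample path from this guide; $MaxCheckoutHours is
# the longest checkout your policy allows (hypothetical value).
Import-Module ActiveDirectory

$JitOu            = 'OU=JITAccounts,DC=example,DC=com'
$MaxCheckoutHours = 8

function Get-StaleJitAccount {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,
        [Parameter(Mandatory)] [int]    $MaxAgeHours
    )

    # Fail fast if the distinguished name is malformed or the OU does not exist.
    $null = Get-ADOrganizationalUnit -Identity $SearchBase -ErrorAction Stop

    # Any user created before the cutoff has outlived the longest allowed checkout.
    $cutoff = (Get-Date).AddHours(-$MaxAgeHours)

    Get-ADUser -SearchBase $SearchBase -Filter * -Properties whenCreated, LastLogonDate |
        Where-Object { $_.whenCreated -lt $cutoff } |
        Select-Object SamAccountName, Enabled, whenCreated, LastLogonDate, DistinguishedName
}

$stale = @(Get-StaleJitAccount -SearchBase $JitOu -MaxAgeHours $MaxCheckoutHours)

if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) account(s) in $JitOu are older than $MaxCheckoutHours hour(s)."
    $stale | Sort-Object whenCreated | Format-Table -AutoSize
}
else {
    Write-Output "No stale accounts found in $JitOu."
}
```

Run it on a schedule from a host with the ActiveDirectory module installed; any account it reports should be matched against an open checkout before it is disabled or removed.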