> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/pam/pam-with-devolutions-server/just-in-time-jit-elevation.md).

# Just-in-time (JIT) elevation

Just-in-time elevation is a security concept that pertains to providing temporary access to resources or services, ensuring that permissions are granted only for the specific time they are required and not a moment more. The Just-in-time feature in Devolutions Server grants temporary membership to selected Active Directory groups from a specified list.

{% embed url="<https://youtu.be/VDNiaZT9yoQ?start=124>" %}

{% hint style="warning" %}
The **Just-in-time elevation** feature is only available for Domain accounts.
{% endhint %}

![](https://cdnweb.devolutions.net/docs/DVLS4109_2024_3.png)

#### Just-in-time (JIT) elevation

| Option                                                                   | Description                                                                                                                                                                                           |
| ------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Select provider privileges to make available for temporary elevation** | Select the Active Directory groups of which a privileged account will be elevated to member status. Click on the pen icon next to a selected group to assign a Devolutions Server display name to it. |
| **Enable privilege sets**                                                | Create privilege sets to group similar privileges together by assigning provider privileges and privileged accounts.                                                                                  |

#### Advanced

| Option                                | Description                                                                                                                                                          |
| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Temporary group name prefix**       | Prefix of the Active Directory group name to be created, which will be a member of the selected group and in which the privileged account will be a member.          |
| **Temporary group creation location** | Location (OU) where the temporary Active Directory group will exist in the Active Directory structure.                                                               |
| **Replication latency**               | Some domains may require additional time to apply permissions. Introducing latency helps prevent sessions from opening too quickly, which could result in a failure. |

#### Example

The domain provider Just-in-time elevation configuration will allow privileged accounts to request elevation, i.e., to become a temporary member of the following Active Directory groups: Remote Desktop Manager Admins; Remote Desktop Manager Service Desk or Remote Desktop Manager Admins - Universal. The temporary group name will start with RDM\_JIT and will be created in the **Domain Groups\Vaults\Internal** OU.

![](https://cdnweb.devolutions.net/docs/DVLS6019_2025_2.png)

The \_backupoperator15 privileged account checkout process is requesting a 2 hours elevation to be part of the Remote Desktop Manager Admins Active Directory group.

![](https://cdnweb.devolutions.net/docs/DVLS6017_2025_2.png)

#### See also

* [Decoding just-in-time (JIT) elevation](https://blog.devolutions.net/2025/01/decoding-just-in-time-jit-elevation/)
* [JIT privilege elevation made efficient by Devolutions](https://blog.devolutions.net/2025/01/jit-privilege-elevation-made-efficient-by-devolutions/)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.devolutions.net/pam/pam-with-devolutions-server/just-in-time-jit-elevation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.