The Just-in-time elevation feature is only available for Domain accounts.
Just-in-time elevation is a security concept that pertains to providing temporary access to resources or services, ensuring that permissions are granted only for the specific time they are required and not a moment more. The Just-in-time feature in Devolutions Server grant a temporary membership to a selected Active Directory group from a specified groups list.
Just-in-time (JIT) elevation
| Option | Description |
|---|---|
| Available groups for temporary elevation | Select the Active Directory groups of which a privileged account will be elevated to member status. |
| Temporary group name prefix | Prefix of the Active Directory group name to be created, which will be a member of the selected group and in which the privileged account will be a member. |
| Temporary group creation location | Location (OU) where the temporary Active Directory group will exist in the Active Directory structure. |
Example
The domain provider Just-in-time Elevation configuration will allow privileged accounts to request elevation to being member of the following Active Directory Groups: Remote Desktop Manager Admins; Remote Desktop Manager Service Desk or Remote Desktop Manager Admins - Universal. The temporary group name will start with RDM_JIT and will be created in the Domain Groups\Vaults\Internal OU.
The _backupoperator15 privileged account checkout process is requesting a 2 hours elevation to be part of the Remote Desktop Manager Admins Active Directory group.
