ELI5: What is Just-in-time Access?
Instead of giving someone a permanent key, JIT access gives them a temporary key that only works for a short time. Once the job is done, the key stops working automatically.
Definition
Just-in-time (JIT) access is a privileged access management principle that eliminates standing privileged access by granting elevated permissions only when explicitly requested and needed, for a defined time period, after which access is automatically revoked. This significantly reduces the risk of compromised accounts being used for privilege escalation because no user maintains persistent elevated access.
Key Details
- Users have no standing privileged access — they must request and justify access for each use
- Access is granted only for the duration needed (e.g., 4 hours for a maintenance window)
- Automatic revocation eliminates the risk of forgotten or orphaned privileged accounts
- All JIT access requests, approvals, and sessions should be logged and audited
- Implemented via PAM platforms (CyberArk, BeyondTrust, Microsoft PIM for Azure)
Connections
- Parent: privileged-access-management — JIT access is a key PAM technique to minimize standing privilege
- See also: least-privilege-enforcement