Introduction
Just-in-time (JIT) accounts temporarily enable a privileged account. When a JIT account expires, it is automatically disabled, removed from the privileged security group, and its password is rotated, so the account cannot be used after expiry.
Each JIT account is created for an individual, so its audit log entries can be easily traced to that person. This also helps ensure compliance by avoiding shared credentials and maintaining the principle of no standing privileges.
CyberQP provides the convenience of directly creating and managing your JIT accounts from the dashboard. As of the latest update to this KB article, the dashboard supports JIT creation in Active Directory, local machine, and Entra ID. Please see the bottom of this KB for links on how to implement these features.
In this article, we'll walk you through the steps of creating local machine sourced JIT accounts.
Prerequisites
- Machines must have the latest CyberQP agent installed
- Just-in-Time feature has been enabled in tenant settings according to "Enabling Just-in-time privileged accounts feature for QGuard"
- Local JIT Policy has been created
- Active QGuard Pro subscription
- Signed in with a Primary or Super role technician user, or a technician user that is part of a CyberQP Technician Group granted access to a JIT Policy
Creating a Local JIT Account from the Dashboard
- Navigate to a customer
- Click Just-in-time Accounts in the sidebar
- Click Activate JIT Account
- Click Local
- Adjust the Username if needed (NOTE: Username edit is only available during initial creation)
- Set the Duration for which the account should be enabled
- Provide a Reason for the creation of the JIT account (NOTE: Currently, entry of a URL in the reason field is not supported)
- Select the desired JIT Policy to use
- Click Activate
Re-enable a Previously Created Local JIT Account from the Dashboard
- Open a Customer
- Click Just-in-time Accounts in the sidebar
- Locate the JIT account that you wish to re-enable
- Click the three-dot menu > Enable Account
- Provide a Reason and set the Duration
- NOTE: If a different JIT Policy is desired, click the Pencil Icon inside the Select JIT Policy box and select the desired JIT Policy
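To confirm on a machine that an expired local JIT account ended up in the state the introduction describes (disabled, out of the privileged group, password rotated), a check like the following can be run locally. This is an added example, not CyberQP code; the function name, the 'Administrators' group default, the 'jit-example' username and the assumption that rotation stamps PasswordLastSet at or after the expiry time are all illustrative.

```powershell
# Added example, not CyberQP code: checks this machine's local account state after a JIT expiry.
function Test-LocalJitExpiry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserName,      # JIT username chosen at creation
        [Parameter(Mandatory)][datetime]$ExpiredAt,   # expiry time, in this machine's local time
        [string]$PrivilegedGroup = 'Administrators'   # assumption: group the JIT policy grants
    )

    $user = Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue
    if (-not $user) {
        # Nothing to check: the account does not exist on this machine.
        return [pscustomobject]@{ UserName = $UserName; Found = $false; Compliant = $null }
    }

    # Compare by SID: group members are listed as COMPUTER\name, not the bare username.
    $memberSids = @(Get-LocalGroupMember -Group $PrivilegedGroup -ErrorAction Stop |
        ForEach-Object { $_.SID.Value })
    $inGroup = $memberSids -contains $user.SID.Value

    # Assumption: a rotation on expiry stamps PasswordLastSet at or after $ExpiredAt.
    $rotated = ($null -ne $user.PasswordLastSet) -and ($user.PasswordLastSet -ge $ExpiredAt)

    [pscustomobject]@{
        UserName          = $UserName
        Found             = $true
        Enabled           = $user.Enabled
        InPrivilegedGroup = $inGroup
        PasswordLastSet   = $user.PasswordLastSet
        PasswordRotated   = $rotated
        Compliant         = (-not $user.Enabled) -and (-not $inGroup) -and $rotated
    }
}

# Constructed sample call: 'jit-example' is a placeholder username.
Test-LocalJitExpiry -UserName 'jit-example' -ExpiredAt (Get-Date).AddHours(-1)
```

A result with Compliant set to False shows which of the three conditions failed, which is the detail to compare against the account's entry in the dashboard.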