Just-In-Time (JIT) privileged accounts provide an added layer of security by restricting access to critical resources only when necessary. CyberQP enables you to configure JIT accounts, ensuring that your organization can better manage and control privileged access. This article will guide you through the steps to enable JIT accounts in your CyberQP environment.
Prerequisites
- You need to have super or primary role permissions
- You must have an active QGuard subscription
Steps to Enable JIT Privileged Accounts:
-
Access the QGuard Settings Page
- Log in to your CyberQP account with super or primary role permissions.
- Navigate to the "Settings" page within the dashboard.
-
Enable JIT Accounts:
- On the "Settings" page, locate the "JIT Account Settings" section.
- Click on the "Enable" button to initiate the configuration process.
-
Configure Directory Sources:
- In the next step, you will need to select the directory sources for which you want to configure JIT accounts. You can choose from AD (Active Directory), Azure AD (Azure Active Directory), and Local.
- In the next step, you will need to select the directory sources for which you want to configure JIT accounts. You can choose from AD (Active Directory), Azure AD (Azure Active Directory), and Local.
-
Select Privileged Security Groups:
- For each selected directory source, choose the privileged security groups that you want to make available for your technicians to use for creating JIT accounts.
- For each selected directory source, choose the privileged security groups that you want to make available for your technicians to use for creating JIT accounts.
-
Define Access for Your Team:
- Determine who on your team should have access to JIT accounts. You have two options:
- Restrict access to super and primary roles only.
- Select specific groups of users who can have access to JIT accounts.
NOTE: Primary and Super role login users will always have access. If restricted to specific login groups is chosen, the selected Login Groups will be in ADDITION to Super and Primary roles.
NOTE: The HelpDesk role can be added to a Login Group, however, helpdesk roles do not get access to JIT-privileged accounts. Only engineers, managers, and admins can access JIT accounts
NOTE: Selected technicians will only gain access to create JIT accounts for customers they have access to.
- Determine who on your team should have access to JIT accounts. You have two options:
-
Save Your Configuration:
- After defining the directory sources and access permissions, click the "Save" button to apply your JIT account settings.
- After defining the directory sources and access permissions, click the "Save" button to apply your JIT account settings.
Note: In order to change these configurations you would need to Disable the current configuration and then re-enable it again with the new options you wish to select. We are making this more flexible so these settings can be managed independently.
Congratulations, you have successfully enabled JIT accounts in QGuard. The selected technicians will now have the ability to see the "Just-In-Time Accounts" menu within each customer and utilize JIT accounts as needed.
Next
Comments
0 comments
Please sign in to leave a comment.