Overview
Just-in-Time (JIT) Accounts in Active Directory (AD) can be configured to include custom security groups. This allows you to specify additional group memberships for JIT accounts, ensuring they have the appropriate access when created or enabled.
Note: This guide applies to on-premises Active Directory (AD) only. Support for custom security groups on Entra/M365 will be available in a future update.
Defining Custom Security Groups in a JIT Policy
To define custom security groups, follow these steps:
- Navigate to Settings > Just-in-Time Accounts.
- You can either create a new AD policy or update an existing one to include custom security groups.
Creating a New Policy with Custom Groups
- Click on + New Policy.
- Define the name, description, access, duration options, and built-in groups as needed.
- Next, go to the Custom Security Groups section.
- Click on + Add Custom Group.
- Enter the names of the custom security groups.
  - Separate multiple group names with line breaks.
- Click + Add to submit the groups.
- Click on the trash icon to remove any unwanted groups.
- Save the policy.
Updating an Existing AD Policy to Add Custom Groups
- Locate and click Edit on the existing AD policy you want to modify.
- In the policy form, navigate to the Custom Security Groups section.
- Click on + Add Custom Group.
- Enter the names of the custom security groups, using line breaks to separate multiple names.
- Click + Add to submit the groups.
- Use the trash icon to remove any unwanted groups.
- Save the updated policy.
Effect of Custom Security Groups on JIT Accounts
- Any JIT account enabled or created under this policy will automatically be added to the specified custom security groups, provided they exist in the domain.
- If a specified custom group does not exist in the domain, it will be ignored, and the JIT account will still be created or enabled with any other built-in or custom groups defined in the policy.
By leveraging custom security groups, you can tailor JIT account permissions to better fit your organization's security and access control requirements.
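Because a group name that does not resolve in the domain is ignored, a typo in the policy form leaves the JIT account without the intended membership. The PowerShell below is an added example, not vendor code: it checks each planned name against AD before you save the policy. It assumes the RSAT ActiveDirectory module and that names are matched on a group's Name or sAMAccountName; `Test-JitCustomGroup` and the sample group names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

function Test-JitCustomGroup {
    [CmdletBinding()]
    param(
        # Group names exactly as they will be typed into the policy form, one per line.
        [Parameter(Mandatory)] [string] $GroupList,
        # Optional domain controller or domain FQDN to query.
        [string] $Server
    )

    $common = @{}
    if ($Server) { $common.Server = $Server }

    # Split on line breaks, trim whitespace, drop blanks and duplicates.
    $names = $GroupList -split '\r?\n' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ } |
        Select-Object -Unique

    foreach ($name in $names) {
        # Assumption: groups are resolved by Name or sAMAccountName.
        $safe  = $name.Replace("'", "''")   # escape apostrophes for the AD filter
        $found = @(Get-ADGroup @common -Filter "Name -eq '$safe' -or SamAccountName -eq '$safe'")

        $status = if ($found.Count -eq 0) { 'Missing' }
            elseif ($found.Count -gt 1) { 'Ambiguous' }
            elseif ($found[0].GroupCategory -ne 'Security') { 'NotSecurityGroup' }
            else { 'OK' }

        [pscustomobject]@{
            Name              = $name
            Status            = $status
            DistinguishedName = ($found.DistinguishedName -join '; ')
        }
    }
}

# Constructed sample input; replace with the names planned for the policy.
$planned = @"
JIT-SQL-Admins
JIT-Backup-Operators
"@
Test-JitCustomGroup -GroupList $planned | Format-Table -AutoSize
```

Any row whose Status is not OK should be corrected in the policy form before saving.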