Just-In-Time (JIT) Access
JIT Access grants privileges only when needed and only for the duration required. Instead of standing privilege that lasts indefinitely, JIT access is temporary, time-limited, and revoked automatically when the request is completed.
# WHAT TEAMS RUN INTO
- JIT workflows create friction during legitimate emergencies. When a system is down and the on-call engineer needs urgent access, waiting for JIT approval processes adds delay when speed is critical.
- Abuse is possible when approval is delegated. If approval responsibility is unclear, attackers can socially engineer approval from someone who doesn't realize they are authorizing a risky request.
- Session management after JIT approval is not always tight. A user gets approved for 30 minutes of admin access, the session lasts longer than expected, and the access remains active even after the time window expires.
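
The sketch below is an added example, not code from the original page or from any particular product. It shows one way to close the gap in the last item: the grant's expiry is re-checked on every privileged action, and a sweep returns the sessions that must be terminated once the window closes. The class and method names, the explicit approver set and the 30-minute ceiling are assumptions for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MAX_WINDOW = timedelta(minutes=30)  # assumed policy ceiling for any single grant


@dataclass
class Grant:
    user: str
    role: str
    approver: str
    expires_at: datetime
    sessions: set = field(default_factory=set)  # sessions opened under this grant


class JitBroker:
    """Hypothetical in-memory broker; a real one would sit on the IdP or PAM tool."""

    def __init__(self, approvers):
        self.approvers = set(approvers)  # explicit owners of the approval decision
        self.grants = {}                 # (user, role) -> Grant

    def approve(self, user, role, approver, window, now):
        # Only a named approver may approve, and never their own request.
        if approver not in self.approvers or approver == user:
            raise PermissionError("approver is not authorized for this request")
        expires = now + min(window, MAX_WINDOW)  # clamp over-long requests
        self.grants[(user, role)] = Grant(user, role, approver, expires)
        return expires

    def is_authorized(self, user, role, now):
        # Called on every privileged action, not only when the session starts.
        grant = self.grants.get((user, role))
        return grant is not None and now < grant.expires_at

    def open_session(self, user, role, session_id, now):
        if not self.is_authorized(user, role, now):
            raise PermissionError("no active grant")
        self.grants[(user, role)].sessions.add(session_id)

    def sweep(self, now):
        """Drop expired grants and return the session ids that must be killed."""
        expired = [k for k, g in self.grants.items() if now >= g.expires_at]
        to_kill = set()
        for key in expired:
            to_kill |= self.grants.pop(key).sessions
        return to_kill
```
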
# WHY IT MATTERS
JIT access flips the default from 'access until revoked' to 'access only when needed.' It dramatically reduces the attack surface because standing privilege is eliminated: there are no dormant admin credentials sitting in a shell session waiting to be abused. In practice, JIT access is the closest security gets to the principle of least privilege.