Just-In-Time Privileged Access Management (JIT)


A least-privilege approach to PAM is best achieved by implementing “Just-in-Time (JIT), Just Enough” controls for privileged access. Centrify Identity-Centric PAM solutions empower organizations with more granular control and accountability based on individual identities, to know which systems an administrative user accessed, for how long, and to leave zero standing privileges when done.

Just in Time

Least-Privilege Based on Just Enough, Just-in-Time (JIT) Access

While some PAM vendors trying to sell Just-in-Time (JIT) privilege — or JIT PAM — as the next great thing in Privileged Access Management, just-in-time has been a core component of Centrify’s approach to least-privilege access for years. Essentially, this approach grants privileged access to administrators for only the minimum amount of time needed to complete the task — no more, no less. If they need more time, we make it easy for them to request it and finish the job. Then the temporary entitlements are removed, with the goal being to leave zero standing privileges.

Centrify goes beyond JIT PAM to also enforce just enough privilege, meaning that we can restrict least privilege so that the user only gets access to the target system they need to work on and nothing else. This keeps them from moving laterally during their session, using broader privilege to access other servers they may not need access to, or have entitlements to. By granting unrestricted access to resources, organizations increase risk associated with both internal and external threats. Least privilege based on the Just Enough, Just-in-Time model reduces that risk significantly.


Centrify’s approach to Just-in-Time (JIT) PAM is unique in that we also enable just enough access. The reality is that provisioning approaches do not solve the problem, they just make it a temporary problem. Instead, the focus should be on protecting the target asset, versus enabling logins for IT staff.

With Centrify you can:

Enforce Time-Based Role Assignment

Minimize security risk by enabling administrators to systematically request a new role to obtain the rights they need to perform tasks. Access request for privileged roles enables organizations to grant temporary privileges and roles with a flexible, Just-in-Time (JIT) model that accommodates fluctuating business needs.

Reduce Risk with Temporary, Time-Bound Privileged Access

Centrify Privileged Access Service provides a built-in access request and approval workflow engine or integrations with leading IT service management software to protect your existing technology investments.

Utilize Dynamic Access Controls

Centrify lets you configure dynamic privileges so that users can only use privilege for a specified period of time, at specific times, on certain servers or by a range of other criteria.

Learn More About Centrify PAM

Ready to Protect Against the #1 Attack Vector?

Click here for more information about our products, pricing, demos, and more.

Contact Us