Just-in-time access (JIT)
Just-in-time (JIT) access grants elevated access only for a limited window — and revokes it automatically afterward — so no standing privileged access remains. Learn how JIT access works, how it differs from standing access, and why it is central to modern least-privilege security.
What is just-in-time access?
Just-in-time (JIT) access grants elevated rights only when they are needed, for a limited period, and removes them automatically once that period ends. Instead of accounts holding standing administrative access around the clock, access is provisioned on request, used, and withdrawn — leaving nothing permanently elevated for an attacker to find.
How does just-in-time access work?
JIT access follows a request-and-expire pattern:
- A user requests elevated access to a system, often with a reason.
- The request is approved automatically by policy or by an approver.
- Access is granted for a defined, limited window.
- When the window ends, the access is revoked automatically.
- The request and session are logged for audit.
Just-in-time access vs. standing access
Standing access is always-on: an account holds elevated rights permanently, whether or not they are in use. That permanent privilege is exactly what attackers seek. Just-in-time access replaces it with temporary, on-demand rights, so that at any given moment almost no elevated access exists to be compromised. The result is a dramatically smaller attack surface.
Just-in-time access and least privilege
JIT access is least privilege applied to time as well as scope. Least privilege limits how much access an identity has; just-in-time limits how long it has it. Together they ensure access is both minimal and momentary — granted only to the right people, for the right resources, for only as long as needed.
Why does just-in-time access matter?
Standing privileged access is one of the largest and most persistent risks in most environments. By removing it, just-in-time access shrinks the window in which any account can be abused, contains the damage a compromise can do, and produces a clean audit trail of who requested what and when. It is a foundational practice in privileged access and remote access management.
Frequently asked questions
What is just-in-time (JIT) access?
Just-in-time (JIT) access grants elevated rights only when they are needed, for a limited period, and revokes them automatically once that period ends. Instead of standing administrative access, rights are provisioned on request, used, and withdrawn, leaving nothing permanently elevated.
How is just-in-time access different from standing access?
Standing access is always-on: an account holds elevated rights permanently whether or not they are in use. Just-in-time access replaces that with temporary, on-demand rights, so at any given moment almost no elevated access exists to be compromised — dramatically reducing the attack surface.
How does just-in-time access relate to least privilege?
Just-in-time access is least privilege applied to time. Least privilege limits how much access an identity has; just-in-time limits how long it has it. Together they ensure access is both minimal and momentary.
Eliminate standing privilege
Grant elevated access just-in-time and revoke it automatically with Devolutions.
Related terms
Least privilege
Granting users only the access needed to carry out their responsibilities.
Read now →Privileged access management (PAM)
Controls, audits, and secures access to an organization's most sensitive systems.
Read now →