CyberGlossary

Identity & Access

Just-in-Time Access

Also known as: JIT access, Just-in-time privilege

Definition

An access model that grants elevated or sensitive permissions only for a limited time and a specific task, then revokes them automatically.

Just-in-Time (JIT) access eliminates standing privileges by issuing them on demand, typically through an approval workflow tied to a ticket, change request, or break-glass procedure. Users or workloads request elevation, the system enforces conditions (justification, MFA, peer approval), provisions the rights for a short, bounded window, then revokes them automatically. JIT pairs naturally with PAM, RBAC and zero-trust: it sharply reduces the attack surface from dormant admin accounts and credential theft because there is nothing valuable to steal between sessions. Modern implementations cover cloud roles, database access, SSH bastion sessions, and Active Directory group memberships.

Examples

  • Azure PIM elevating a user to Global Administrator for one hour after MFA and approval.
  • A Teleport workflow that grants temporary kubectl admin in a production cluster.
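
The request, condition check, bounded grant and automatic revocation described in the definition, as an added sketch that is not taken from any product named here. `JitBroker`, `Grant`, `MAX_WINDOW_S` and the one-hour cap are hypothetical names and values chosen for illustration; a real deployment would call the identity provider or cloud IAM API instead of an in-memory table.

```python
import time
from dataclasses import dataclass

MAX_WINDOW_S = 3600  # assumed policy cap: no grant outlives one hour

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    ticket: str
    expires_at: float

class JitBroker:
    """Hypothetical in-memory broker that holds time-boxed grants only."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._grants = {}   # (user, role) -> Grant; empty means no standing privilege
        self.audit = []     # every decision is recorded for later review

    def request(self, user, role, ticket, justification, mfa_ok, approver, window_s):
        # Conditions from the definition: justification, MFA, peer approval.
        if not ticket or not justification.strip():
            return self._deny(user, role, "missing ticket or justification")
        if not mfa_ok:
            return self._deny(user, role, "MFA not satisfied")
        if not approver or approver == user:
            return self._deny(user, role, "peer approval required")
        if not 0 < window_s <= MAX_WINDOW_S:
            return self._deny(user, role, "window outside policy")
        grant = Grant(user, role, ticket, self._clock() + window_s)
        self._grants[(user, role)] = grant
        self.audit.append(("grant", user, role, ticket, approver))
        return grant

    def is_authorized(self, user, role):
        # Expiry is checked on every use, so revocation needs no cleanup job.
        grant = self._grants.get((user, role))
        if grant is None:
            return False
        if self._clock() >= grant.expires_at:
            del self._grants[(user, role)]
            self.audit.append(("expire", user, role, grant.ticket))
            return False
        return True

    def _deny(self, user, role, reason):
        self.audit.append(("deny", user, role, reason))
        return None
```

Checking expiry at authorization time means a missed or delayed revocation job cannot leave the privilege active past its window.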

Related terms