New for version 4.0 of TechIDManager is an account style called Just-In-Time, called JIT for short. This means the account is enabled, rights added to the account, and a new password set, just in time for the tech to use it when they need it. The account is also automatically disabled after use, with all rights removed from the account. The account that is unique to each tech, in the client’s environment, exists normally with no standing access. It must be enabled through a request from the tech, and even then it only gets the rights and permissions that a manager has previously allowed for that specific tech on that specific site.
The work flow is as follows, this assumes you understand the way that TechIDManager works with static accounts as a basis for understanding this.
- Install an agent like normal, and add the “JustInTime” command line to enable JIT
- An existing agent can be updated and converted to JIT be just running the “JustInTime” command line also.
- A manager gives a tech rights to a TechIDManager JIT agent with triplets just like normal.
- The accounts show up in the Tech’s TechClient just like normal, with an additional icon to indicate it is JIT.
- When the tech wants to use the account, they select it in the TechClient and click the “Enable” button.
- Within about 1 minute the account will be enabled, rights assigned to the account, and the newly created password for the account will be sent to the tech in the TechClient.
- After a time set by a manager in the Management Console the account will be automatically disabled, all rights will be stripped from the account, and a new password will be set on the account. The new password is told to no one.
We are happy to cover this in a white glove install or answer any questions, just email firstname.lastname@example.org