EmpowerID allows for the configuration of Just-In-Time (JIT) account provisioning on computers for specific groups. This feature automatically generates a user account, uniquely identified by combining the user's EmpowerID login with a random string (e.g., jposada_566054625600), and assigns it to the appropriate group at the onset of a PSM session. Upon the session's conclusion, the account is promptly removed from the group. Depending on the specific JIT access settings, this account may either be retained for future use or completely deleted from the system. This JIT strategy reinforces a zero-trust, least-privilege environment, ensuring that access is provided strictly as needed and withdrawn immediately afterward.
Procedure
Navigate to the View One page for the computer to which you want to enable Just-in-Time Access.
The quickest way to do this is to use the Global Search located at the top of each page.
Show MeOn Click the Display Name link on the computer’s View page , click the Display Name link to put the computer in Edit mode.
Navigate to the Just-in-Time Access section, configure the settings according to your policy, and save your changes.
...