Term · 27. Emerging Categories 2024-2026

Just-In-Time (JIT) Access

Just-in-time (JIT) access grants elevated or sensitive permissions only for the moment they are needed and automatically revokes them afterward, eliminating standing privileges. A user requests access, it is approved (often with a reason and time limit), used, then removed. JIT is a core Zero Trust and PAM practice that shrinks the attack surface — there are no always-on admin rights for an attacker to find.

IDM/IGA Domain
PAM · NIST · Introduced by: Gartner

Definition

Authorization model granting elevated privileges only when needed and for a limited time window, after approval. Replaces standing administrator rights with ephemeral grants that auto-expire (typically 1-8 hours). Reduces attack surface — compromised credentials yield no privileges unless an active JIT grant is in place. Foundation of Zero Standing Privilege (ZSP).

Synonyms
  • Just-in-Time provisioning
Application
Regulatory: Gartner Magic Quadrant / Hype Cycle · NIST SP 800-63 (Digital Identity Guidelines)
Standards & regulations
  • Gartner
  • NIST

Frequently asked questions

Why eliminate standing privileges?

Standing always-on admin rights are a prime target: if an account is compromised, the attacker inherits them immediately. JIT means privileges exist only briefly and with an audit trail, so a stolen credential is far less useful.

How is JIT access implemented?

Through PAM and IGA tools that broker time-bound elevation: request, approval, temporary grant, automatic expiry. It is often combined with approval workflows, session recording and least privilege.
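
The request, approval, temporary grant and automatic expiry flow described above, as an added example that is not taken from this glossary or from any PAM product: a hypothetical in-memory `JitBroker` in Python. The 8-hour cap, the mandatory reason and the ban on self-approval are assumed policy choices.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from itertools import count
from typing import Optional

MAX_TTL = timedelta(hours=8)  # assumed policy cap, from the 1-8 hour range in the definition

@dataclass
class Grant:
    user: str
    role: str
    reason: str
    ttl: timedelta
    approver: Optional[str] = None
    expires_at: Optional[datetime] = None  # stays None until the request is approved

@dataclass
class JitBroker:
    """Hypothetical in-memory broker; a real PAM/IGA tool persists this state."""
    grants: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)
    _ids: count = field(default_factory=lambda: count(1))

    def _log(self, now, event, gid):
        g = self.grants[gid]
        self.audit.append((now.isoformat(), event, gid, g.user, g.role))

    def request(self, user, role, reason, ttl, now):
        if not reason.strip():
            raise ValueError("a justification is required")
        if not timedelta(0) < ttl <= MAX_TTL:
            raise ValueError("ttl outside the policy window")
        gid = next(self._ids)
        self.grants[gid] = Grant(user, role, reason, ttl)
        self._log(now, "requested", gid)
        return gid

    def approve(self, gid, approver, now):
        g = self.grants[gid]
        if approver == g.user:
            raise PermissionError("self-approval is not allowed")
        if g.approver is not None:
            raise ValueError("already approved")  # re-approval would extend the window
        g.approver, g.expires_at = approver, now + g.ttl  # clock starts at approval
        self._log(now, "granted", gid)

    def is_authorized(self, user, role, now):
        # Default deny: no standing rights; only approved, unexpired grants count.
        return any(g.user == user and g.role == role and g.expires_at is not None
                   and now < g.expires_at for g in self.grants.values())
```

Expiry needs no revocation job here because every authorization check compares the grant's `expires_at` with the current time, so a grant that has lapsed is simply no longer honoured.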

JIT access vs least privilege?

Least privilege limits how much access a subject has; JIT limits how long they have it. Together they ensure users hold the minimum rights for the minimum time — JIT is least privilege applied to time.