Skip to main content

Just-In-Time (JIT) Request Management

Creating JIT Request (Admin-Initiated)

SureMDM allows IT administrators to manually create JIT admin sessions for users.

Steps to Create a Live Request from SureMDM Console

  1. Navigate to SureMDM Console > Security > SureMDM JIT Admin > macOS > Live Requests.

  2. In the Live Reqeusts accordion, click Create.

  3. In the Create Live Requests popup, configure the following options and click Save

Request Details

SettingsDescription
JIT Access NameSpecify the Just-In-Time access name.
User account nameEnter the user account name for JIT access. If the username does not match on the target device, elevation from standard to administrator account will be ignored.
Duration TypeSelect the access type. Options:
- Fixed: Deploying the Just-In-Time Access configuration as a Fixed type will immediately initiate the access once it is deployed on the target devices.
- Scheduled: Deploying the Just-In-Time Admin Access configuration as a Scheduled type will initiate the access only at the specified date & time
Just-In-Time Admin Access DurationSpecify the duration for Just-In-Time access. Applicable only if Duration Type is selected as Fixed.
Date & TimeSet the date & time for Just-In-Time access. Applicable only if Duration Type is selected as Scheduled.
Internet Access RequiredIf enabled, when the device goes offline during an active JIT session, the access will be revoked within 5 minutes. It will remain revoked until the device reconnects to the internet.

alt text

Group or Device Assignment - Select the target device or group(s). alt text

  1. Click Save.

The created request will list in the respective section based on the request type (Either on Active or Scheduled Requests).

JIT Request Entries

The SureMDM Just-In-Time (JIT) Admin request entries are organized into two main sections (accordions) within the console for better clarity and management:

  • Live Requests – Displays all active, pending, and scheduled JIT requests that are currently in progress or awaiting action.
  • Past Requests – Serves as an audit trail, listing all completed, denied, revoked, expired, or failed JIT requests for reference and compliance purposes.

1. Live Requests

The Live Requests accordion is used for managing time-bound admin access initiated by users or created manually by IT admins. This section is organized into three tabs, each representing a different lifecycle state of a JIT request:

a. Pending Requests

This tab displays all access requests that are awaiting administrative action.

Actions Available:

  • Approve: Grants access and moves the request to the Active tab.
  • Deny: Rejects the request, moving it to Past Requests.
  • View/Modify: Adjust the time window before approving.

Each entry includes the JIT Name, duration, device info, justification and other related information.

When a user raises a Just-In-Time request from the SureMDM Agent, a real-time notification is shown in the SureMDM console. Clicking the notification will take the admin directly to this tab.

b. Active Requests

Displays all ongoing JIT sessions currently in effect on devices.

  • Each active request is tied to a timer based on the approved duration.
  • Admins can view progress and intervene if needed.
  • The request is automatically moved to Past Requests once the time expires or access is revoked.
  • If Internet Access Required was enabled during configuration and the device goes offline for more than 5 minutes, access is revoked automatically and will not resume until the device is online again.

Actions Available:

  • Revoke: Revokes the JIT access of an ongoing JIT session.
  • Extend Access: Extends the JIT access for an ongoing JIT session.

c. Scheduled Requests

The Scheduled Requests tab under the Live Requests accordion lists all JIT access sessions that have been configured to start at a specific time in the future.

  • Requests can be scheduled by IT admins for time-bound maintenance, audits, or deployments.
  • When the scheduled time arrives, SureMDM will automatically activate the request on the target devices.
  • Once active, the request will move to the Active Requests tab, and the session timer will begin.
  • After the scheduled duration elapses, the session ends automatically and is moved to Past Requests for auditing.

Actions Available:

  • Revoke: Revokes the JIT access of the scheduled JIT session.

Live Request Table Columns

Columns might vary based on the request section

Column NameDescription
JIT Access NameName given to the JIT request.
Device DetailsDevice(s) the request applies to.
Remaining TimeTime left before the session expires (active only).
User NameUsername for which access is granted.
Duration TypeFixed or Scheduled.
Requested ByRequest initiator (User/Admin).
Requested Date & TimeTimestamp when the request was created.
Expiry Date & TimeScheduled end time.
Approved ByUsername of the approver.
Approved Date & TimeTimestamp when the request was perfromed with approval action.
JIT StatusCurrent status — Pending, Active, Scheduled, etc.
Reason By UserUser’s justification.
Reason By AdminAdmin notes at the time of approval or denial.

2. Past Requests

The Past Requests accordion functions as an audit trail, listing all previously approved, denied, or expired JIT sessions.

Column Definitions

Column NameDescription
JIT Access NameName of the completed or expired JIT session.
Device DetailsDevice(s) where JIT was executed.
User AccountAccount with elevated access.
Requested ByUser/Admin who created the request.
Duration TypeFixed or Scheduled.
JIT Access DurationTotal duration of the JIT Access.
JIT StatusCompleted, Denied, Expired, Revoked, etc.
Requested Date & TimeWhen the request was submitted.
Approved ByUsername of the approver.
Approved Date & TimeTimestamp when the request was perfromed with approval action.
Start TimeWhen the JIT session began.
End TimeWhen the session ended.
Reason By UserUser’s reason for the request.
Reason By AdminAdmin’s remarks.
JIT Access Revoked ByAdmin who revoked the session.
Extension RequestedWhether extension was requested.

Status Desciption

StatusDescription
CompletedDisplayed when an approved JIT session has successfully ended.
RevokedDisplayed when an approved JIT request is revoked from the console before the session is completed.
Pre-RevokedDisplayed when an approved JIT request is revoked from the console before the session begins.
ExpiredDisplayed when an approved JIT request fails to initiate within the specified period.
ActiveDisplayed when a JIT session is currently in progress.
ScheduledDisplayed when a JIT session is planned to start at a future time.

Available Table Controls

  • Search
  • Refresh
  • Export
  • Column Chooser

This section ensures compliance teams and IT auditors have full visibility into all privileged access activities.

Operational Notes

  • Admins can manage the following JIT configurations through SureMDM Agent Settings:
    • Daily Request Limit – Define how many JIT requests a user can submit per day. By default, the limit is 3 requests per day.
    • Visibility Control – Choose whether the SureMDM JIT Admin section is displayed in the Agent.
    • Request Submission Restriction – Prevent users from submitting JIT requests directly from the Agent.
  • If device loses internet:
    • JIT session continues unless Internet Access Required is enabled
    • Time always continues to decrement
  • Access is auto-revoked once timer expires.