Automatic JIT assignment group
We use JIT for tempory DomainAdmin / SchemaAdmin and EnterpriseAdmin rights. In the feature we wan't to add o other group to JIT.
Is it possible to automatic assign a right (group) when a user check-out a account?
The use case is:
User-X has no group assigned (in this example "DomainAdmin")
Use PAM to checkout this account
JIT assign automatic a group without check the checkbox in the check-out screen.
The idea about this is that the account is standard a normal user. The user has about 2 days a week the addiotional needed. So when the account is hayjacked during these 5 days it has normal rights. 
9f377dc0-6591-4984-80f8-937173d15c36.png
a9bef9c5-e9c5-4067-8e0f-2ab2c214b223.png
All Comments (1)
Hello,
Thank you for reaching out!
My name is William and I'm here to assist you in any way I can.
This is not currently possible with the JiT Elevation. You could configure some JiT Privilege sets to limit the availability of certain group to specific users.
I would recommend opening a Feature Request here: https://forum.devolutions.net/forums/34/devolutions-server--feature-request
Feel free to reach out if you have any questions or need further clarification.
Best regards,