What is the philosophy for using temporary groups in the JIT configuration?
We monitor our privileged groups like Domain Admins, and now we see only that a temporary group, PAM-<GUIDnR>, is added, and not the added users directly. So our monitoring reports don't directly give the user who is added to the group.
If you monitor the groups, this makes no sense as you cannot see which user has been granted the rights. However, you can find this out via the reports.
We have the same, but send the logs from Devolutions to our SIEM system and match the whole thing.
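As an added illustration of the SIEM matching described in the reply above (not code from this thread or from Devolutions), the Python below joins AD group-membership events against DVLS JIT check-out records to recover the human user behind each PAM-<GUID> temporary group. The event records, the DVLS field layout and the GUID-like suffix of the group name are all constructed assumptions; adapt them to what your connector actually exports.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of Windows Security events forwarded to the SIEM.
# 4728 = "A member was added to a security-enabled global group".
# Field names are simplified, not the exact Windows event XML schema.
AD_EVENTS = [
    {"time": "2024-05-06T09:00:12", "event_id": 4728, "group": "Domain Admins",
     "member": "CN=PAM-6f1c2a9e-0001,OU=JIT,DC=corp,DC=local"},
    {"time": "2024-05-06T09:05:40", "event_id": 4728, "group": "Domain Admins",
     "member": "CN=PAM-6f1c2a9e-0002,OU=JIT,DC=corp,DC=local"},
    {"time": "2024-05-06T09:07:01", "event_id": 4728, "group": "Domain Admins",
     "member": "CN=jdoe,OU=Users,DC=corp,DC=local"},
]

# Constructed DVLS JIT check-out records; this layout is an assumption.
DVLS_CHECKOUTS = [
    {"time": "2024-05-06T09:00:05", "user": "alice",
     "temp_group": "PAM-6f1c2a9e-0001", "target": "Domain Admins"},
]

# Assumed naming pattern: "PAM-" followed by a GUID-like suffix.
PAM_GROUP = re.compile(r"CN=(PAM-[0-9a-fA-F-]+)", re.IGNORECASE)


def resolve_jit_grants(ad_events, checkouts, window_minutes=5):
    """Annotate each 4728 event with who actually received the rights.

    status: direct     - a user account was added directly (JIT bypassed)
            resolved   - PAM-<GUID> group matched a DVLS check-out
            unresolved - PAM-<GUID> group with no DVLS record in the window
    """
    by_temp_group = {c["temp_group"].lower(): c for c in checkouts}
    window = timedelta(minutes=window_minutes)
    results = []
    for ev in ad_events:
        if ev["event_id"] != 4728:
            continue
        m = PAM_GROUP.search(ev["member"])
        if not m:
            results.append({**ev, "status": "direct", "user": ev["member"]})
            continue
        co = by_temp_group.get(m.group(1).lower())
        if (co and co["target"] == ev["group"] and
                abs(datetime.fromisoformat(ev["time"]) -
                    datetime.fromisoformat(co["time"])) <= window):
            results.append({**ev, "status": "resolved", "user": co["user"]})
        else:
            results.append({**ev, "status": "unresolved", "user": None})
    return results
```

Anything that comes back as "unresolved" or "direct" is worth an alert on its own, since it is a privileged-group change that did not go through a recorded JIT check-out.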
Hello Freddy,
Thanks for your question.
Basically, this allows DVLS to set an expiration time on the temporary folder, which can be useful if AD is not reachable when checking in.
You can see it as a failsafe.
As @adillinger1 mentioned, reports will fill the gap.
I hope this answers well.
Have a great one!
Best regards,
Alex Belisle