Get Smarter Admin Access for Windows with SureMDM JIT Admin

Admin Access: Necessary but Not Always Convenient

Users often need admin access to do their jobs — like running test scripts, installing applications, or performing advanced troubleshooting. But granting them always-on admin privileges? That’s risky.

On one hand, permanent admin access can lead to unintended changes or even security gaps. On the other, completely locking users out isn’t practical—especially in dynamic or distributed environments. And the challenges don’t stop there:

• IT admins aren’t always available when needed, especially across time zones.
• Manual approval workflows slow things down.
• Temporary access often turns into permanent access because it’s never revoked.

Even something as routine as installing a new app can spiral into a support ticket, a wait, and a workflow disruption. So, how do you empower users with the access they need—without giving up control or slowing down productivity?

Meet Just-In-Time Administrator Access

Instead of handing out admin rights permanently, what if you could grant them only when needed and for a scheduled period of time?

That’s the idea behind Just-In-Time (JIT) Administrator Access.

Just-in-Time Admin is a modern security approach that aligns with Zero Trust Network Access (ZTNA) principles. Instead of handing out permanent admin privileges, JIT Admin grants time-bound, purpose-specific admin access—only when necessary.

In short: You’re not an admin by default. But if you need elevated access for a specific task, you can request it, and an administrator can approve, deny, or modify that request in real time.

It’s a simple shift, but it can dramatically reduce the manual efforts from your IT team. 

And now, with SureMDM JIT Admin, this process becomes seamless for both admins and end-users. Let’s walk you through how it works and what makes it powerful. 👇

Introducing SureMDM JIT Admin for Windows

With SureMDM JIT Admin, IT teams can now allow temporary elevated privileges—on demand, with full visibility and control.

Whether it’s for apps, scripts, or account-level access, you get a time-bound, audit-ready way to manage admin rights without compromising on security or slowing users down.

How SureMDM JIT Admin Works

1. Request Access via the SureMDM Agent
   Users open their Windows SureMDM Agent and submit a JIT Admin request. They can choose to request:
   • Access to a specific application for Windows
   • Permission to run a custom script for Windows
     💡Before approval, the admin can review the full script content, helping ensure nothing harmful gets through.
   • Temporary admin-level access for the whole account for Windows.
     💡Reserved for exceptional cases. Users can request temporary device-level admin access. 
2. Admin Receives the Request
   The administrator gets a notification (on the console and by email), views the request, and can:
   • Approve it as-is
   • Deny the request
   • Modify the request (e.g., reduce the access duration)
3. Use “Run with SureMDM JIT”
   Users get real-time updates on request status and instant alerts when a request is approved, denied, or modified. Once approved, they can right-click on an approved app or script and select “Run with SureMDM JIT” to launch it with elevated privileges—without affecting device restrictions.
4. Time-Bound Access
   Access is granted for the approved duration—say, 2 hours. Once the time’s up, privileges are revoked automatically.
   💡Admins can also extend admin access or even create a new request based on user extension request. 

This process minimizes support tickets drastically—simple for users, safe for admins. Here’s a quick look below:

Admin View: Managing JIT Requests in the SureMDM Web Console

1. Pre-Approved Apps – Skip the Request Process

For frequently used apps that require admin access, IT admins can create pre-approval rules. Once set, users can launch these apps instantly using JIT access—no request needed.

Admins can:

• Add apps by name 
• Choose target devices or groups

From the user’s side? It’s as easy as right-clicking the app and selecting “Run with SureMDM JIT.”

2. Live JIT Requests – Real-Time Oversight

The Live JIT Requests section in the SureMDM console displays all incoming requests. Admins can review, approve, deny, or even schedule them for later. Here’s how requests are categorized:

• Pending – Waiting on admin action
• Active – Approved and currently granted privilege
• Scheduled – Set to activate at a future date/time
  💡Admins can pre-schedule JIT access with set times, access type, target devices or users, and a reason—ensuring timely access without compromising security or last-minute support overhead.

Each request includes full details on:

• Device and user info
• Access type (App / Script / Account)
• Requested duration and reason
• Status (e.g., In Progress, Denied, Completed)
• Full timestamped activity logs

3. Past Requests – Full Audit Trail

Need to run an audit or investigate usage patterns? The Past Requests section provides a searchable, detailed log of every JIT request—granted or denied. Each record shows:

• Device name and user account
• Access type (Script/App/Account)
• App/script name and publisher (if applicable)
• Requested by, date/time, expiry, and reason
• Final status: Denied, Expired, Completed, Revoked

You can even drill down into individual devices from grouped entries for granular insights. Here’s how it would look from the SureMDM console:

4. JIT Admin Settings 

From SureMDM Account Settings, admins can:

• Enable or disable the JIT feature at an Account Level 

From SureMDM Agent Settings, admins can:

• Set the ability to submit JIT requests to the admin
• Set daily request limits per user (between 3–10/day)

💡If a user hits their daily cap, admins can still manually create a new JIT request from the console and grant access to the user.

Why SureMDM JIT Admin Is a Game-Changer

• Security-first: No more always-on admin rights
• Friction-free for users: Elevate when needed, with minimal delay
• Configurable: Daily request limits, pre-approved apps, flexible durations
• Auditable: Complete request history with timestamps and user trails
• Time-saving: Cuts down on IT support tickets and one-off permission issues
• Zero Trust, Zero Disruption: Supports Zero Trust policies without slowing down productivity

Final Thoughts

SureMDM Just-in-Time Admin isn’t just a feature—it’s a mindset shift. It empowers IT teams to protect systems without blocking productivity, proving once again that security and usability can coexist.

SureMDM JIT Admin offers a smart, scalable, and secure way to give users just enough access, just in time, and just for as long as they need it.