Demo Overview
Users want to be productive and don’t like it when they’re kept waiting for a support ticket to do something simple like installing a printer driver. Likewise, IT can’t grant permanent privileged permissions: it creates security risks for the endpoint and beyond. Manually assigning admin rights introduces the change for human error and won’t scale. Fortunately, there’s a better way.
JumpCloud makes it possible to set an individual user’s privilege on a device for a selected period of time with automated expirations that will return to permissions the previous setting without the admin taking additional (manual) steps. It’s fully audited and managed.
We’re going to show you how. This will only take a few minutes. Let’s get started.
Prerequisites
Not every step here is necessary to complete this tutorial, but you’ll be doing these things anyway if you want to experience your trial as if you’re implementing the product.
- To complete this tutorial, we recommend that you have completed the following walkthroughs (or have set up your instance with the appropriate assets on your own):
Demo Walkthrough
This is one of the simplest walkthroughs with the highest paybacks. You’ll learn how to assign permissions to a user and the device that they’re bound to. We’ll also review its reporting features.
Are you a visual learner? Try this simulation as practice.
Step 1: Determine the User and Device
- Log in to the JumpCloud Admin Portal.
- Go to User Management > Users.
- Select a user. The user Highlights tab displays.
- Click the Devices tab to view the devices connected to this user. The user’s bound devices display by default.
- (Optional) To display both bound and unbound devices, clear the show bound device check box.
- On the desired device, go to the Permissions column and click the pencil to Edit permissions.
Resources:
Temporary User Permissions Per Device (Simulation)
Set Admin Sudo Privileges
Step 2: Assign Permissions and Duration
- In the Permissions Change window, select Administrator/Sudo Access and select the appropriate Duration from the dropdown.
- For example, if the user needs to install software on their device, select a short time period such as 1 hour. After the designated time, the user’s permission returns to No Elevated Permissions.
- Click Apply.
- Click save user.
Permission changes can take up to 10 minutes to expire on the device. Important: Windows users may need to log out and log back in for permissions changes to take effect.
To modify existing temporary Admin/Sudo permissions:
- Log in to the JumpCloud Admin Portal.
- Go to User Management > Users.
- Select the user in the list. The user Highlights displays.
- Click the Devices tab and locate the device with remaining time on Administrator/Sudo Access.
- In the Permissions column, click the pencil to Edit the elevated permissions.
- In the Permissions Change window, select No Elevated Permissions to change the user’s permission level for this device.
- Click Apply.
- Click save user.
Resources:
Set Sudo Privileges
Users Group Elevated Permissions Via API
Step 3: Review Directory Insights (Optional)
Data or events are generated when the privilege is elevated, used, automatically expired, and returned to its previous state. Here’s how to review those events:
- Log in to the JumpCloud Admin Portal.
- Go to Directory Insights
Bonus Simulations
Windows MFA Login (Tutorial)
Final Results
You’ve just learned how to manage time-bound privilege elevation. You’re one step closer to greater IT efficiency and more satisfied users.
Get prepped now
Don’t stop now. Learn about JumpCloud Go™, for passwordless authentication that’s phishing-resistance and reduces MFA fatigue for your users. You’re on the path to achieving an equilibrium between security and productivity.