Overview of JITPBAC
What is JITPBAC?
JITPBAC (Just-in-Time Purpose-Based Access Control) is a dynamic, purpose-driven access control framework designed to enhance security and operational efficiency by provisioning access for identities in cloud and SaaS applications only when it is explicitly required and only for a defined period of time. By adhering to the principle of least privilege, the model reduces the exposure of sensitive resources to potential threats, particularly when credentials are compromised.
Key Features of JITPBAC
Default Deny Policy (Zero Trust): Identities have no access by default. Access is provisioned only through assigned Purposes, ensuring strict access control.
Purpose-Centric Access: Access is organized under Purposes, which define specific combinations of users, resources, and temporal access windows.
Eligibility and Approval: Identity owners must request access to a Purpose and provide supporting details (e.g., duration, time of use). Approval from a risk manager is required to ensure compliance with organizational policies.
Automated Provisioning and De-provisioning: Access is automatically provisioned at the start of a defined time window and de-provisioned at its end. Notifications are sent before de-provisioning to allow extensions if permitted.
Constraints for Enhanced Security: Constraints define rules that limit or restrict access based on organizational policies or specific conditions. Purposes and Constraints are interdependent to prevent violations.
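The features above can be read as one access decision: deny unless an approved grant for a Purpose covers the identity, the resource and the current time. The sketch below is an added example, not code from the JITPBAC product; the class names, the `max_duration` Constraint and the sample identities and resources are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set

@dataclass
class Purpose:
    name: str
    resources: Set[str]          # resources this Purpose may unlock
    max_duration: timedelta      # assumed Constraint: longest window allowed

@dataclass
class Grant:
    identity: str
    purpose: Purpose
    start: datetime
    end: datetime
    approved_by: Optional[str] = None   # set once a risk manager approves

class AccessEngine:
    """Hypothetical decision point; names are illustrative, not a product API."""
    def __init__(self) -> None:
        self.grants: List[Grant] = []

    def request(self, identity: str, purpose: Purpose,
                start: datetime, duration: timedelta) -> Grant:
        # Constraints are checked at request time, before any approval.
        if duration > purpose.max_duration:
            raise ValueError("constraint violated: window exceeds Purpose maximum")
        grant = Grant(identity, purpose, start, start + duration)
        self.grants.append(grant)
        return grant

    def approve(self, grant: Grant, risk_manager: str) -> None:
        grant.approved_by = risk_manager

    def is_allowed(self, identity: str, resource: str, now: datetime) -> bool:
        # Evaluating the window on every decision means access appears at
        # `start` and disappears at `end` with no manual revocation step.
        for g in self.grants:
            if (g.identity == identity and g.approved_by is not None
                    and resource in g.purpose.resources
                    and g.start <= now < g.end):
                return True
        return False   # default deny: no matching approved, active grant

# Constructed sample data.
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
DB_MAINT = Purpose("db-maintenance", {"prod-db"}, timedelta(hours=4))
```

A pending request grants nothing, and an approved grant stops matching the moment its window ends, so a credential stolen outside the window carries no access.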