Automated Access Management Platform - Entitle - Limit cloud access without pushback

Just in Time Access to SSH

Just in Time Access to


Mitigate risk with just in time access to SSH. Improves security by limiting exposure, reduces attack surface, and simplifies operational workflows.

Just in Time Access - Entitle

Time-bound admin role escalations

Just in Time Access - Entitle

Temporary access that is revoked when no longer needed

Just in Time Access - Entitle

Faster access for employees and contractors

Just in Time Access - Entitle

Audit logs for access reviews

What is Just in Time Access?

Just-In-Time (JIT) access refers to granting permissions or access to a user only when it's needed and for the least amount of time necessary to complete a task. This approach minimizes the risk associated with attackers gaining access to unused or unnecessarily granted privileges. JIT access is commonly used in the realm of cybersecurity to enhance data protection and regulatory compliance.

Benefits of Just in Time Access to


1. **Enforces Least Privilege Access in SSH Operations** Just in time access and privilege escalation allows the enforcement of least privilege access, understanding that users are only given the necessary permissions for a limited time. This reduces the risk associated with persistent privileged access, thus improving your SSH security posture.

2. **Mitigates Insider Threats** Employing just in time access and privilege escalation significantly reduces the potential damage from insider threats. By minimizing the window of opportunity for malicious actions, it limits the access of users to sensitive SSH keys and resources, adding an extra layer of protection to your infrastructure.

3. **Minimizes Human Error Impact** In environments using SSH communication, human errors can exacerbate security vulnerabilities. Just in time access and privilege escalation, by limiting users' access duration and level, controls the potential impact of mishandled SSH keys or erroneous commands.

4. **Streamlines Auditing and Compliance Processes** Implementing just in time methods simplifies the auditing process. It provides comprehensive logs of SSH access activities and privileges granted, offering a clear visibility into user actions for more effective auditing, revealing any irregular patterns, and supporting regulatory compliance efforts.

Use Cases for Just in Time Access to


1. Secure Remote Administration: IT administrators gaining Just-In-Time access to SSH servers enables them to perform tasks like network diagnostics, system updates, and troubleshooting securely, reducing potential security gaps linked to long-term access privileges.

2. Outsourced IT Support: Companies can use Just-In-Time access for outsourced IT service providers who require temporary SSH access to resolve client issues, ensuring they have the necessary authority for a limited time and maintaining client security.

3. Auditability and Compliance: In highly regulated industries where activities need to be audited, Just-In-Time SSH access ensures only authorized personnel with active permissions can access sensitive systems, enhancing governance and compliance.

Explore Entitle’s JIT Access Management Platform

Entitle Just In Time Access - diagram- Just in Time Access - EntitleRequest a demo

How to Implement Just in Time Access to


Entitle Just In Time Access - diagram- How to Implement Just in Time Access to

1. Planning.

  • Assessment
    Begin by identifying who needs SSH access, the resources they need, and why they need it. Document existing access rights and see if they can be minimized or eliminated. For better visibility, consider using a privilege discovery tool.
  • Policy creation
    Develop clear policies for both granting and revoking access. Include parameters on who can request access, in what situations, and for how long. For roles with privileged access, establish time-bound parameters.
  • Source of truth
    Synchronize your SSH system with an Identity Provider (e.g., Okta, Google Workspace, Azure AD, OneLogin). This acts as the definitive source for identities, and using individual identities over shared accounts allows better control over authorization and more accurate auditing.

2. Execution.

  • Self-serve access requests
    Simplify the process by having users request access through a system rather than individuals. Drive adoption rates by integrating with IM platforms like Slack or MS Teams. Make sure requests specify who is asking for access, what kind of service/resource/role they need, how long they need it for, and why.
  • Approval process
    SSH provides an opportunity for organizations to delegate approvals to people with more business context than the IT helpdesk. Resource owners and business unit managers often have better context for these decisions. Send approval requests through messaging platforms for prompt responses, giving approvers necessary information for an informed decision.
  • Conditional approval workflows
  • Implement your predefined policies into workflows that determine access rights. If-then condition assignments can streamline this–if identity group “X” requests access to “Y”, approval from “Z” is needed and “M” should be notified.
  • Integrations
    Increase flexibility by integrating SSH with other IT and security systems. Automate access based on IT ticketing system status; adjust policies based on data sensitivity through linking with data classification systems. Other possibilities might include integrating with on-call schedule software for automated approvals in emergency situations, and with training systems to grant access based on training completion.
  • Automated provisioning and deprovisioning  
    Learn Amazon EKS thoroughly in order to effectively grant and revoke fine-grained access automatically within the service – a crucial aspect of SSH. Ideally, manage all permissions from one place instead of creating or managing an environment for every application in your organization.
  • Access methods
    For Amazon SSH, APIs are preferable for their flexibility and real-time capabilities. However, a mix may be necessary–for instance, using SAML for authentication, SCIM for user provisioning, and APIs for access control decisions.

3. Maintenance.

  • Regular audits
    Regularly check access logs to ensure SSH is functioning as expected. Look for unusual patterns or behaviors, either manually or by feeding the logs to your SIEM. Automating the user access review process can expedite evidence collection, ensure adherence to relevant industry regulations and standards, and delegate reviewers.
  • User training
    Teach users, particularly those with privileged access, about the importance of least privilege and SSH and how they operate. Make sure users know how to request access when necessary.
  • Feedback loop
    Consistently review your SSH procedures and seek feedback from users and IT staff to identify areas for improvement.

By following this methodical approach, you can efficiently implement a robust Just-in-Time Access system for Amazon EKS using SSH.

Temporary JIT Access to


with Entitle

Entitle provides self-serve access requests, flexible policy workflows, and automated provisioning, to restrict unneeded access across cloud infra and SaaS.

Entitle has a native integration with


Entitle has an IdP integration with


Native integration
5 minutes set up with pre-built connectors
IdP integration
Add/remove users from groups in an identity provider
JIT access: self-service requests and authorization workflows
Just in Time Access - Entitle
Just in Time Access - Entitle
HR-driven birthright policies
Just in Time Access - Entitle
Just in Time Access - Entitle
Full audit trails and access reviews
Just in Time Access - Entitle
Just in Time Access - Entitle
Fine-grained visibility of permissions
Just in Time Access - Entitle
Fine-grained, ephemeral provisioning of permissions
Just in Time Access - Entitle

Manage temporary access to


with Entitle

  • Instant visibility allows for precise control and monitoring of all resources, roles, and entitlements within SSH.
  • Has deep knowledge of the tech stack, ensuring the ability to micro-manage permissions effectively within SSH.
  • Bundles feature offers the convenience of grouping different resources across various applications into a single access request.
  • Rapid deployment capabilities allow for a quick setup in minutes and roll-out in just a few days.
  • Comes with prebuilt integrations to over 100 popular cloud services and applications, facilitating seamless operation.
  • High customizability and easy integration with scheduling, ticketing systems, HRIS, and more, speeding up access and optimizing workflows. Automates tasks involved in regulatory user access reviews, ensuring efficient governance.

"I like Entitle because it’s one of those tools I can set up and forget about. I never have to go into it and it just works."

Just in Time Access - Entitle

Mike Morrato
CISO and Global Head of IT,
Noname Security


What is


SSH, or Secure Shell, is a cryptographic network protocol that allows secure data communication over an unsecured network. It provides strong password authentication and secure encrypted data communications between two computers connected over an insecure network. It is widely used by network administrators to control web and other kinds of servers remotely.

Automated Access Management Platform - Entitle - Limit cloud access without pushback

What is Entitle?

Entitle is how cloud-forward companies provide employees with temporary, granular and just-in-time access within their cloud infrastructure and SaaS applications. Entitle easily integrates with your stack, offering self-serve access requests, instant visibility into your cloud entitlements and making user access reviews a breeze.

Discover more integrations

JIT is only the beginning

Entitle Just In Time Access - diagram- JIT is only the beginning - entitle

Explore how you can manage employees' temporary AND birthright permissions, all from one place.

See Entitle in action