HP Client Security Commercial Managed IT Software Technical whitepaper

HP Client Security Technical Whitepaper

August 2016

747889-002

HP Device Access Manager (HPDAM) 25

12.1.3 Just In Time Authentication (JITA) Configuration

JITA Configuration shown in Figure 5 allows the administrator to view and modify lists of user groups that are allowed to

access devices using JITA. JITA-enabled users will be able to access some devices for which policies created in the Device

Class Configuration have been restricted.

Figure 5 HP Device Access Manager

The JITA period authorization can be for a set number of minutes or an “Unlimited” duration that will not expire. With

“Unlimited” duration, users have access to the device from the time they authenticate until the time they log off the system.

The JITA period can also be extended one minute before the JITA period is about to expire. The JITA period expires as soon

as the user logs off the system or another user logs in ; whether the user is given a limited or unlimited JITA period. The next

time the user logs in and attempts to access a JITA-enabled device a prompt to enter credentials displays. Since JITA

leverages HP Client Security’s Credential Manager, user should be able to authenticate with any

applicable/available/enrolled credential as per the session policies.

An example of this is that Device Access Manager can set access to removable storage devices to 15 minutes of access after

requiring successful authentication. Once that 15-minute session is over, Device Access Manager will deny access to

removable storage without another successful authentication.

JITA is available for Optical drives and Removable Media.

 Along with “Deny,” there are 3 “Allow” access configurations.

○ “Allow – Read Only”

○ “Allow – Full Access”

○ “Allow – JITA Required”

Just In Time Authentication will deny access to a device until a user tries to access it. Then, if policy permits, the user can

authenticate and gain access to the device for a configurable period of time.