
Least Privilege for AWS Windows instances

RMJ
New Contributor III

For JIT access, Saviynt is creating the local account with admin by default, with the help of the create account JSON in Windows endpoint connections.

{
  "Name": "${task.accountName}",
  "Description": "${user.username}",
  "Password": "${randomPassword}",
  "accessGrouptype": "admin"
}

Can we restrict this "accessGrouptype" to a non-admin access type based on user entitlements?

i.e.: if the user has Entitlement "A", add their account ID to the Administrator group, and if the user has Entitlement "B", add their account ID to the Remote desktop user or Guest group on the Windows instance when provisioning JIT access.


Gulshan
Saviynt Employee

Please check this guide - https://docs.saviyntcloud.com/bundle/WindowsServer-v23x/page/Content/Understanding-the-Integration-B...

The parameter name is "control" - specify this parameter for control purposes.

For example, you can use it in CreateAccountJSON to fetch the entitlement value to determine if an account can be associated with an admin or a non-admin user.

For non-admin access, the user would be added to the Remote Desktop Users group.
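As an added example (not code from this thread or from Saviynt), a PowerShell check to run on the Windows instance after provisioning, to verify that JIT accounts landed in the intended local group and to flag any that ended up in Administrators without being expected there; the `jit-` account-name prefix and the caller-supplied expected-group mapping are assumptions.

```powershell
# Added example: audit local group membership of JIT-provisioned accounts on a Windows instance.
# Assumptions (not from the thread): JIT accounts carry a "jit-" name prefix, and the group each
# account should be in is supplied by the caller (e.g. derived from the user's entitlement in Saviynt).

function Get-JitAccountGroupReport {
    param(
        [string]$JitPrefix = 'jit-',
        # Map of account name -> group it should be in, e.g. @{ 'jit-alice' = 'Remote Desktop Users' }
        [hashtable]$ExpectedGroup = @{}
    )

    $groups = @('Administrators', 'Remote Desktop Users', 'Guests')
    $membership = @{}

    foreach ($g in $groups) {
        # Get-LocalGroupMember reports Name as COMPUTER\account; keep only the account part.
        $members = Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue |
            Where-Object { $_.ObjectClass -eq 'User' } |
            ForEach-Object { ($_.Name -split '\\')[-1] }
        foreach ($m in $members) {
            if ($m -like "$JitPrefix*") {
                if (-not $membership.ContainsKey($m)) { $membership[$m] = @() }
                $membership[$m] += $g
            }
        }
    }

    foreach ($acct in $membership.Keys) {
        $actual   = $membership[$acct]
        $expected = $ExpectedGroup[$acct]
        # Admin membership that was not explicitly expected is the least-privilege violation to report.
        if (($actual -contains 'Administrators') -and ($expected -ne 'Administrators')) {
            $finding = 'UNEXPECTED_ADMIN'
        } elseif ($expected -and ($actual -notcontains $expected)) {
            $finding = 'MISSING_EXPECTED_GROUP'
        } else {
            $finding = 'OK'
        }
        [pscustomobject]@{
            Account  = $acct
            Groups   = ($actual -join ', ')
            Expected = $expected
            Finding  = $finding
        }
    }
}

# Example run; the expected mapping would normally come from the entitlement data used in CreateAccountJSON.
Get-JitAccountGroupReport -ExpectedGroup @{ 'jit-alice' = 'Remote Desktop Users' } | Format-Table -AutoSize
```

Any row with Finding set to UNEXPECTED_ADMIN indicates a JIT account that received the default "admin" access group type despite the user's entitlement calling for a lower-privilege group.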