JIT Access Portal
The JIT (Just-In-Time) Access Portal enables end users to request temporary, time-bound AWS access without maintaining standing permissions. Through an SSO-authenticated interface and a multi-level approval workflow, your organization can enforce least-privilege access while giving teams the flexibility to get the permissions they need, when they need them.
Who Uses the JIT Portal?
The JIT Portal serves two primary audiences:
- Requesters (Viewers and above) -- Anyone who needs temporary AWS access. They submit requests, track their status, and monitor active sessions.
- Approvers (Approvers, SSO Admins, and Admin) -- Account owners and administrators who review, approve, or reject incoming access requests and manage active sessions.
Portal Navigation
The sidebar organizes features by role. All authenticated users see the requester section; users with Approver-level roles or above see additional management tools.
Requester Section
| Menu Item | Description |
|---|---|
| Dashboard | Personalized overview with stat cards, and recent requests |
| Request Access | Submit a new JIT access request using a standard or custom permission set |
| My Requests | View and track all your submitted requests |
| Active Sessions | Monitor your currently active sessions and their remaining time |
Approver Section
Displayed below a divider in the sidebar for users with Approver (level 1) or higher roles.
| Menu Item | Description |
|---|---|
| Pending Approvals | Queue of requests awaiting your review (shows badge with count) |
| Request History | Full history of all requests with status filtering |
| Manage Sessions | View and revoke active sessions for accounts you own |
| Owned Accounts | Browse AWS accounts you own with pending and active request counts |
Dashboard
After logging in, you land on the JIT Dashboard, which provides a personalized overview of your access activity.
Stat Cards
The dashboard displays four summary cards at the top:
| Card | Description | Visible To |
|---|---|---|
| Active Sessions | Number of your currently active JIT sessions | All users |
| Pending Requests | Number of your requests awaiting approval | All users |
| Pending Approvals | Number of requests waiting for your review | Approvers only |
| Total Requests | Total number of requests you have submitted | All users |
The JIT Access Lifecycle
Every access request follows a defined lifecycle from submission to expiration:
Standard Permission Set:
Request → Pending → Approved → Active Session → Expired
→ Rejected
Custom Permission Set:
Request → Pending Owner → Owner Approved → Pending Admin → Admin Approved → Active Session → Expired
→ Owner Rejected
→ Admin Rejected
Next Steps
- How JIT Access Works -- Understand request statuses, sessions, and the full lifecycle
- Authentication -- Learn how to log in via SSO
- Request Access -- Submit your first access request
- Approver Guide -- Get started as an approver