HP EliteDesk 800 G1 Ultra-slim PC Client Security Commercial Managed IT Softwa - Page 21

Just In Time Authentication (JITA) Configuration JITA Configuration shown in Figure 5 allows the administrator to view and modify lists of user groups that are allowed to access devices using JITA. JITA-enabled users will be able to access some devices for which policies created in the Device Class Configuration have been restricted. Figure 5 HP Device Access Manager The JITA period authorization can be for a set number of minutes or an "Unlimited" duration that will not expire. With "Unlimited" duration, users have access to the device from the time they authenticate until the time they log off the system. The JITA period can also be extended one minute before the JITA period is about to expire. The JITA period expires as soon as the user logs off the system or another user logs in ; whether the user is given a limited or unlimited JITA period. The next time the user logs in and attempts to access a JITA-enabled device a prompt to enter credentials displays. Since JITA leverages HP Client Security's Credential Manager, user should be able to authenticate with any applicable/available/enrolled credential as per the session policies. An example of this is that Device Access Manager can set access to removable storage devices to 15 minutes of access after requiring successful authentication. Once that 15 minute session is over, Device Access Manager will deny access to removable storate without another successful authentication. JITA is available for Optical drives and Removable Media.  Along with "Deny", there are 3 "Allow" access configurations. o "Allow - Read Only", o "Allow - Full Access" o "Allow - JITA Required". Just In Time Authentication will deny access to a device until a user tries to access it. Then, if policy permits, the user can authenticate and gain access to the device for a configurable period of time. 21