Elevated Access on Endpoints

Overview

Keeper Privilege Manager extends JIT capabilities to endpoints, allowing administrators to grant precise privilege elevation for specific processes, applications, or tasks — without giving users full administrative access. Users operate with standard, non-privileged accounts by default and request elevation only when needed.

Key Features

• Process-level privilege management across Windows, macOS, and Linux

• Policy-based elevation rules with granular controls

• User-initiated elevation requests with approval workflows

• Comprehensive auditing and reporting

How It Works

1. Users operate with standard, non-privileged accounts by default.

2. When administrative privileges are needed, users request elevation for a specific task.

3. Based on policy, requests are auto-approved or routed for manual approval.

4. Elevated privileges are granted only for the specified process or time window.

5. All elevation activity is captured in a full audit trail.

Where to go next

Endpoint JIT on user devices is delivered through Keeper Endpoint Privilege Manager.

If you want to understand the product and rollout model, start with the Endpoint Privilege Manager overview.

If you are ready to enable and deploy it, continue to Getting Started.

Common next steps:

• Review the product overview and policy model in Endpoint Privilege Manager.

• Set up licensing, permissions, and agent deployment in Getting Started.

• Learn how day-to-day approvals work in Managing Requests.