Overview

I designed the Just-In-Time (JIT) Access feature for Active Directory, Local, and Entra ID administrator accounts. This feature enables secure, temporary, and passwordless access via the QTech app.
Reducing risks from always-active privileged accounts.

The Problem

Administrator accounts hold extensive permissions

Leaving them permanently active exposes organizations to potential security breaches. However, disabling them completely can slow down technicians during emergencies.

We needed that

Allowed on-demand access for technicians

Automatically disabled accounts after use

Balanced security, visibility, and usability

How might we enable technicians to obtain privileged access only when needed, without adding friction to their workflow or compromising system security?

Ideation

Understanding the Workflow

I mapped how the type of account have different risks when there is a regular admin account and the difference between the JIT accounts. Identifying what the user needs to have.

Hypothesis

If technicians could create and activate temporary accounts that automatically expire after use, organizations could eliminate persistent privileged accounts and reduce exposure.

Research & Insights

Through interviews and user testing, we learned:

Technicians typically reused the same privilege sets per customer.
Reconfiguring permissions each time wasted time and created inconsistencies.

Key insight: Standardizing access configurations into JIT Policies could simplify activation and ensure consistent security practices.

Design Solution

My focus was to make activation as frictionless as possible while maintaining clear visibility for security admins.

Tenant Level — Policy Definition

At the organizational level, administrators can:

Define which privileges new JIT accounts
Set how long each session remains active
Control who can use the JIT feature

Technician Level — Activation

Technicians can activate accounts through:

CyberQP Dashboard
Passwordless requests via QTech App

Wireframing & Iteration

I started with low-fidelity wireframes to explore how users could create and activate accounts in fewer steps.  We ran feedback sessions with technicians to test ease of use and refine flows.  Subsequent iterations focused on balancing speed, clarity, and security visibility.

Dashboard

Hand-drawn wireframe sketches and notes detailing the creation and management of Just In Time (JIT) accounts, showing UI elements for account types, privileges, duration, and key benefits highlighted in green.

QTech App - Passwordless Sign In

Wireframe sketches showing a passwordless login flow with screens for request login, edit account with fields for customer, computer, account, expiration, and a highlighted option to activate JIT with selectable items.

Four screenshots showing a technician sign-in process with a desktop sign-in screen and a mobile phone approving and confirming sign-in requests.

Watch it in action

View Demo

Outcome

In 2023

First JIT Access release launched

In 2024

Expanded with policy creation, passwordless login, and a Chrome Extension

Adoption

Rapid uptake among technicians; many partners now use JIT accounts daily.

Business impact

Contributed to CyberQP’s $12M funding round

What I learned

Security design succeeds when users trust it and can work faster, not slower

Small workflow optimizations, like reusable JIT Policies, create outsized adoption impact

Cross-team collaboration was essential to align UX goals with a complex system

CyberQP

Just-in-Time Accounts

Role

Team

Timeline