Connect
Granting the right level of access can feel like an art when you need the science of a Zero Trust world. JumpCloud provides two powerful, yet distinct, features to govern resource access: Access Requests and Privileged Access Management (PAM).
While both enforce Just-in-Time (JIT) Access and the Principle of Least Privilege, they are designed for fundamentally different users and security challenges. Understanding this distinction is key to building a robust and efficient security posture.
JumpCloud Access Requests: Streamlining Everyday User Access
JumpCloud Access Requests is the modern solution for managing day-to-day, non-privileged access needs. It focuses on automation, workflow, and streamlining the process of getting temporary permissions for standard tasks for employees, contractors, and specific project teams.
Key Features of JumpCloud Access Requests:
- Self-Service Portal: Users can easily initiate requests for the specific resources they need through a centralized, user-friendly interface.
- Custom Approval Workflows: Requests are automatically routed through defined approval chains (e.g., direct manager, team lead, resource owner) before any access is granted, ensuring necessary sign-off.
- Just-in-Time Provisioning: Upon approval, the user is automatically added to a designated JumpCloud User Group which grants them the necessary permissions for the resource.
- Notification Integration: Approvers and requesters receive real-time notifications via Slack and Email, speeding up the entire process and reducing administrative friction
. - Audit Logging: Every step—request, approval, granting, and revocation—is logged, providing a clear audit trail for non-privileged, temporary access events.
JumpCloud Privileged Access Management (PAM): Fortifying the Keys to the Kingdom
JumpCloud PAM is engineered to provide the highest level of security and control over privileged accounts, those with elevated, high-impact permissions like root or administrator. This is the essential layer of defense for IT administrators who interact with critical infrastructure.
Key Features of JumpCloud PAM:
- Secure Credential Vaulting and Rotation: Credentials (Windows passwords, SSH keys) for privileged accounts are stored in an encrypted vault, never exposed to the end-user. PAM automatically manages and rotates these secrets to prevent theft and exposure.
- Session Monitoring and Recording: JumpCloud PAM not only grants access but enforces full monitoring and recording of the privileged session, including command-level logging and screen recording for all sessions.
- Access Brokering (No Direct IP Exposure): PAM acts as a secure intermediary, or a “broker,” connecting the privileged user to the sensitive server or database without requiring the user to be on the internal network or exposing the target system’s direct credentials/IP address.
- Just-in-Time and Just-Enough-Access (JEA): Access to the vault is granted only when the admin needs it, and only for the specific system or resource required for the task.
- MFA Enforcement: Strong Multi-Factor Authentication (MFA) is required for all privileged access attempts, adding the highest level of identity assurance.
- Policy-Based Access: Granular, policy-driven rules dictate exactly who can access which high-value systems, under what conditions, and with which specific elevated roles.
- BYOD & Unmanaged Device Safe Access: Privileged activity is proxied, enabling users to connect from unmanaged endpoints without the device joining the internal network. Policies can control or block clipboard, file transfer, and drive mapping.
- Remote Browser Isolation for Web Targets: For sensitive web consoles, sessions are rendered server-side, with only pixels streaming to the user. This isolates internal resources from the endpoint, reducing malware and plugin risk while preserving full auditing.
The Ultimate Comparison: Access Request vs. PAM
| Feature | JumpCloud Access Request | JumpCloud Privileged Access Management (PAM) |
| Primary Goal | Streamline temporary, non-privileged access and workflow. | Secure, monitor, and control high-risk, elevated access. |
| Target Users | General employees, contractors, specific project teams. | IT administrators, DevOps engineers, Security personnel, Contractors. |
| Method of Access | Grants access to a User Group bound to the resource. | Brokers a secure session without revealing credentials. |
| Key Security Mechanism | Automated approval workflows and auto-revocation. | Credential Vaulting, Session Recording, and Access Brokering. |
| Session Visibility | Logs the approval, granting, and revocation events. | Records every action: command-level logging and screen recording. |
| Compliance Focus | Enforcing least privilege principles organization-wide. | Meeting strict audit requirements (e.g., HIPAA, ISO 27001, PCI-DSS). |
The Power of Both: Unified Access Control
JumpCloud’s unique strength is offering both tools within a unified Identity Platform. By leveraging Access Request for streamlined user access and PAM for rigorous control over critical systems, your organization gains total access governance. This combined approach allows you to maximize operational agility while simultaneously minimizing catastrophic risk, all within a single, cohesive Zero Trust framework.
Ready to Govern All Your Access? Start your JumpCloud free trial today and take control of every access scenario in your organization.
