[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Identity Security](https://www.paloaltonetworks.com/cyberpedia/identity-security?ts=markdown) 3. [Privileged Access Management](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management?ts=markdown) 4. [Just-in-Time Access](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit?ts=markdown) Table of Contents * [What Is Privileged Access Management (PAM)?](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management?ts=markdown) * [Privileged Access Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management#privileged?ts=markdown) * [Why PAM Is Critical Today](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management#why?ts=markdown) * [How PAM Works](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management#how?ts=markdown) * [Core Pillars of Modern PAM Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management#core?ts=markdown) * [Examples of Privileged Access](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management#examples?ts=markdown) * [PAM Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management#pam?ts=markdown) * [Common PAM Challenges and How to Solve Them](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management#common?ts=markdown) * [Use Cases \& Real-World Scenarios](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management#scenarios?ts=markdown) * [Emerging Trends: Where PAM Is Going](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management#emerging?ts=markdown) * [Privileged Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management#faqs?ts=markdown) * [What Is Defense-in-Depth?: A Layered Cybersecurity Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-defense-in-depth?ts=markdown) * [Defense-in-Depth Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-defense-in-depth#explained?ts=markdown) * [Key Data: Threats \& Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-defense-in-depth#key?ts=markdown) * [The Core Architectural Components of Defense-in-Depth](https://www.paloaltonetworks.com/cyberpedia/what-is-defense-in-depth#core?ts=markdown) * [Defense-in-Depth in the Modern Cloud and Identity Landscape](https://www.paloaltonetworks.com/cyberpedia/what-is-defense-in-depth#landscape?ts=markdown) * [Disrupting the Attack Lifecycle: Defense-in-Depth and Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-defense-in-depth#disrupting?ts=markdown) * [Defense-in-Depth versus Zero Trust Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-defense-in-depth#architecture?ts=markdown) * [Best Practices for Implementing a Layered Security Model](https://www.paloaltonetworks.com/cyberpedia/what-is-defense-in-depth#best?ts=markdown) * [Defense-in-Depth FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-defense-in-depth#faqs?ts=markdown) * What Is Just-In-Time Access? * [Just-in-Time Access Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#explained?ts=markdown) * [Key Data: Threats and Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#key?ts=markdown) * [Types of Just-in-Time Access](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#types?ts=markdown) * [How Just-in-Time Access Works (Conceptual Flow)](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#how?ts=markdown) * [Key Components and Capabilities](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#components?ts=markdown) * [Key Steps to Implementing Just-in-Time Access](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#steps?ts=markdown) * [Common Risks and Implementation Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#risks?ts=markdown) * [Just-in-Time Access in a Zero Trust and Modern Security Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#architecture?ts=markdown) * [Just-in-Time Access FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#architecture?ts=markdown) * [Zero Standing Privileges: Protecting Enterprise Access Control](https://www.paloaltonetworks.com/cyberpedia/zero-standing-privileges?ts=markdown) * [Zero Standing Privileges Explained](https://www.paloaltonetworks.com/cyberpedia/zero-standing-privileges#zero?ts=markdown) * [ZSP and Other Access Models](https://www.paloaltonetworks.com/cyberpedia/zero-standing-privileges#vs?ts=markdown) * [The Critical Risk of Standing Privileges](https://www.paloaltonetworks.com/cyberpedia/zero-standing-privileges#privileges?ts=markdown) * [Key Benefits of Adopting ZSP](https://www.paloaltonetworks.com/cyberpedia/zero-standing-privileges#key?ts=markdown) * [A Practical Roadmap for ZSP Implementation](https://www.paloaltonetworks.com/cyberpedia/zero-standing-privileges#practical?ts=markdown) * [Zero Standing Privileges FAQs](https://www.paloaltonetworks.com/cyberpedia/zero-standing-privileges#faqs?ts=markdown) * [What Is Least Privilege Access?](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown) * [Least Privilege Access, Defined](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#definition?ts=markdown) * [Benefits of Least Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#benefits?ts=markdown) * [Example of Least Privilege Access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#example?ts=markdown) * [Least Privilege vs. Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#vs?ts=markdown) * [Managing Least Privilege Access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#manage?ts=markdown) * [Least Privilege Access FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#faqs?ts=markdown) # What Is Just-in-Time (JIT) Access? 3 min. read [Explore Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) Table of Contents * * [Just-in-Time Access Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#explained?ts=markdown) * [Key Data: Threats and Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#key?ts=markdown) * [Types of Just-in-Time Access](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#types?ts=markdown) * [How Just-in-Time Access Works (Conceptual Flow)](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#how?ts=markdown) * [Key Components and Capabilities](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#components?ts=markdown) * [Key Steps to Implementing Just-in-Time Access](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#steps?ts=markdown) * [Common Risks and Implementation Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#risks?ts=markdown) * [Just-in-Time Access in a Zero Trust and Modern Security Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#architecture?ts=markdown) * [Just-in-Time Access FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#architecture?ts=markdown) 1. Just-in-Time Access Explained * * [Just-in-Time Access Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#explained?ts=markdown) * [Key Data: Threats and Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#key?ts=markdown) * [Types of Just-in-Time Access](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#types?ts=markdown) * [How Just-in-Time Access Works (Conceptual Flow)](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#how?ts=markdown) * [Key Components and Capabilities](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#components?ts=markdown) * [Key Steps to Implementing Just-in-Time Access](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#steps?ts=markdown) * [Common Risks and Implementation Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#risks?ts=markdown) * [Just-in-Time Access in a Zero Trust and Modern Security Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#architecture?ts=markdown) * [Just-in-Time Access FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit#architecture?ts=markdown) Just-in-time (JIT) access is an access control approach that grants time-limited, task-specific privileged permissions to a human or non-human identity only when needed, and revokes those privileges immediately after the work is done. The goal is simple: minimize standing privilege so attackers have less time (and fewer paths) to exploit elevated access. Key Points * **Time-Bound Privilege**: Privileged access is granted only for a defined window, not "always on." \* **Least Privilege Enforcement**: Users and machines receive only the permissions required for the task, nothing more. \* **Policy-Driven Approvals**: Requests are verified against pre-approval policies or routed for approval (often automated). \* **Auditability**: A complete audit trail tracks who/what accessed which systems, when, and for how long. \* **Reduced Blast Radius**: By shrinking the privilege window, JIT reduces opportunities for lateral movement after compromise. ## Just-in-Time Access Explained JIT access can be viewed as an [identity security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-security?ts=markdown) mechanism to enforce the [principle of least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege?ts=markdown) (PoLP), ensuring that users and [non-human identities](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown) are granted only the privileges they need. JIT access can also help ensure that privileged activities are conducted in accordance with an organization's [identity and access management (IAM)](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown), IT Service Management (ITSM), and [privileged access management (PAM)](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management?ts=markdown) policies, as well as its entitlements and workflows. Any JIT access strategy should enable organizations to maintain a full audit trail of privileged activities. This way, organizations can easily identify who or what gained access to which systems, what they did, when, and for how long. Some agent-based PAM solutions enable organizations to actively monitor sessions and terminate risky privileged sessions in real time. In most organizations, privileged access accumulates over time ("privilege creep"). JIT flips that model by starting from [zero standing privileges](https://www.paloaltonetworks.com/cyberpedia/zero-standing-privileges?ts=markdown) and granting elevation only when a real, approved need exists. This is especially important for: * Admin access to servers and network devices * Cloud and Kubernetes operations * DevOps workflows (break-glass production access) * Third-party or contractor access * Service accounts and other non-human identities ### Why Just-in-Time Access Matters for Modern Organizations Moving beyond traditional static access control, JIT access addresses the core security challenges of digital transformation: 1. **Reduced Attack Surface** : Eliminating standing privileges removes the constant availability of high-value targets (like permanent admin accounts or API keys) that attackers or [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown) can exploit for persistence and lateral movement. 2. **Enforcing Least Privilege**: JIT operationalizes the PoLP by ensuring that access is not only minimized in scope, but also in time. 3. **Auditability and Compliance** : JIT systems create detailed, immutable audit trails for every access request, approval, action taken, and automatic revocation. This simplifies demonstrating compliance with regulations such as [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown) and [PCI DSS](https://www.paloaltonetworks.com/cyberpedia/pci-dss?ts=markdown), as well as industry standards such as the [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework). 4. **Minimizing Insider Threat Risk**: Limiting the window of privileged access significantly reduces the risk of malicious or accidental misuse of administrative rights by internal employees or contractors. 5. **Automatic Revocation**: Access is automatically revoked when the defined time limit expires, the task is completed, or a policy violation is detected. ## Key Data: Threats and Trends The threat landscape consistently shows that privileged accounts and over-permissioned identities are primary attack vectors. Adopting JIT access directly mitigates these statistically common initial access and [lateral movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) tactics. * **Over-Permissioned Identities** : [Unit 42 research](https://unit42.paloaltonetworks.com/iam-cloud-threat-research/) found that 99% of cloud users, roles, and service accounts are over-permissive, holding more permissions than they actually need. This excessive scope significantly increases the risk of privilege escalation if an identity is compromised. * **Targeting Privileged Accounts** : According to the [2025 Unit 42 Global Incident Response Report](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown), 66% of social engineering attacks targeted privileged accounts. JIT access neutralizes this risk by ensuring that, even if an attacker compromises a credential, the elevated access is automatically short-lived or nonexistent outside an approved workflow. * **Compromised Credentials**: The use of compromised credentials as an initial access vector is a persistent trend that has grown significantly in recent years. Threat actors prioritize identifying highly privileged roles and group memberships to map exploitable privilege escalation paths, which JIT access aims to eliminate entirely. ## Types of Just-in-Time Access Organizations typically implement JIT in one (or more) of these patterns: | **JIT pattern** | **What it does** | **Best for** | |------------------------------|-----------------------------------------------------------------------------|--------------------------------------------| | **Broker and remove access** | Uses a controlled pathway to grant access for a fixed time, then removes it | Shared/admin accounts, vaulted credentials | | **Ephemeral accounts** | Creates a one-time account on the fly, then deprovisions it after use | High-risk systems, strict audit needs | | **Temporary elevation** | Temporarily elevates privileges (roles/commands/groups), then revokes | Endpoint/admin tasks, DevOps access | ## How Just-in-Time Access Works (Conceptual Flow) JIT access replaces the traditional "standing access" model with a dynamic, transactional workflow: 1. **Request**: A user (human or non-human service) explicitly requests access to a specific resource (e.g., a production database, a cloud function, a configuration file) and provides a justification for the task. 2. **Verification and Policy Evaluation** : The JIT system verifies the identity (often requiring [MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication?ts=markdown)) and evaluates the request against security policies, role-based access control ([RBAC](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac?ts=markdown)), attribute-based access control (ABAC), and contextual data (device health, location, time of day). 3. **Approval (Automated or Manual)**: The request is either automatically approved based on pre-defined policies (for low-risk tasks) or routed to a manager or system owner for time-bound, explicit manual approval. 4. **Temporary Provisioning**: The JIT system dynamically provisions access. This may involve creating an ephemeral, single-use account, temporarily elevating privileges on an existing account, or issuing a short-lived token or certificate. 5. **Session Monitoring**: The privileged session is monitored and recorded for all activities and commands executed. ## Key Components and Capabilities An effective JIT access solution requires a centralized platform with several interconnected functions: | **Component / Capability** | **Description** | |-----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Policy Engine** | Defines the "Who, What, When, and Why" of access, including risk-based rules for automated approval or denial. | | **Identity Verification** | Strong authentication (MFA and biometrics) is required for every access request, including those from internal users. | | **Ephemeral Credentialing** | The ability to create temporary, single-use credentials (tokens, certificates, SSH keys) that are automatically destroyed after use, ensuring users never see the persistent password. | | **Session Brokering** | Mediates the connection between the user and the target system, preventing direct access and enabling real-time monitoring and recording. | | **Audit and Logging** | Comprehensive logging of all requests, approvals, session details, and revocation events for forensics and compliance. | ## Key Steps to Implementing Just-in-Time Access To successfully enforce just-in-time (JIT) access, organizations typically adopt one or more of the following essential practices: * **Centralized Credential Management**: Maintain a persistent, privileged shared account with credentials that are centrally managed and regularly rotated. * **Granular Policy Enforcement**: Establish policies that require human and non-human users to provide explicit justification for accessing target systems and applications that contain sensitive data, and limit access to defined periods. * **Auditing and Monitoring**: Record and audit all privileged activity in ephemeral accounts, and enable alerts and automated responses for anomalous or suspicious behavior. * **Temporary Privilege Elevation**: Temporarily increase privileges, granting human and non-human users access to specific privileged accounts or credentials, or the ability to execute privileged commands. The application of JIT access is a fundamental component of the zero trust security framework, reinforcing the principle of least privilege. Zero trust requires strict verification of every connection attempt before granting access to systems. As organizations increasingly pursue digital transformation, many are shifting from traditional perimeter-based security models to the zero trust framework to protect their most sensitive information assets. ## Common Risks and Implementation Challenges Implementing JIT access can introduce new complexity if not managed correctly: * **Workflow Friction**: Overly complex or slow approval workflows can hinder productivity, tempting users to seek workarounds that bypass security controls. * **Inadequate Scope Definition**: If JIT policies grant too many permissions (even if time-bound), the blast radius of a compromised session remains too large. * **Misconfiguration of Revocation**: Failure to ensure immediate, automatic revocation upon task completion or expiry can inadvertently restore standing privileges. * **Integrating Legacy Systems**: Older systems or bespoke applications may not support the dynamic provisioning/deprovisioning APIs required for a JIT model. * **Auditing Complexity**: The sheer volume of logs generated by dynamic, transactional access makes it difficult to detect anomalies with traditional tools. ## Just-in-Time Access in a Zero Trust and Modern Security Architecture JIT access is a critical enabler of the [zero trust architecture (ZTA)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture?ts=markdown), which operates on the principle of "Never Trust, Always Verify." In the ZTA model (as defined by [NIST SP 800-207](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207?ts=markdown)), access decisions must be dynamic and based on real-time context. JIT access fulfills this requirement perfectly by ensuring: | **JIT Alignment with Zero Trust** | **Description** | |-----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Continuous Verification** | Every request, even from an authenticated user, is re-evaluated and verified against the current policy before access is granted. | | **Least Privilege Enforcement** | JIT is the mechanism that enforces the least privilege principle in the temporal dimension, supporting the Zero Trust mandate to limit access to only what is necessary. | | **Micro-Segmentation of Access** | Instead of broad network access, JIT focuses on providing time-bound, granular access to a single resource or application, enabling granular control over the data plane. | By eliminating persistent trust relationships (standing privileges), JIT access removes a key vulnerability that attackers frequently exploit for initial compromise and post-exploitation lateral movement. ## Just-in-Time Access FAQs ### Does JIT access replace traditional Privileged Access Management (PAM)? JIT access is considered a modern evolution and a core feature of next-generation PAM solutions. Traditional PAM often focused on vaulting and session recording for standing privileged accounts. Modern PAM and Identity Security solutions use JIT as the primary method for granting access, effectively making "zero standing privilege" the default state managed by the PAM platform. ### How does JIT access help with Zero Trust? JIT access is essential for Zero Trust because it fundamentally removes the standing trust that traditional security models granted to administrators. In a Zero Trust model, trust is never assumed. JIT ensures that every request for elevated access is treated as a new transaction, requiring verification, policy evaluation, and time limits, aligning perfectly with the ZTA mandate of "never trust, always verify." ### Is JIT access only for human administrators? No. JIT access is increasingly critical for securing Non-Human Identities (NHIs), such as service accounts, API keys, CI/CD pipelines, and cloud functions. These identities often require high privileges but should be used only for specific automated tasks. JIT systems dynamically issue ephemeral tokens and credentials to these machines, ensuring that credentials expire immediately after the task completes. ### What is the risk associated with standing privileges? Standing privileges pose a massive risk because they provide a permanent target. If an attacker gains access to a standing privileged account (e.g., via phishing or a compromised endpoint), they immediately have unlimited time to conduct reconnaissance, move laterally across the network, and exfiltrate data, often without triggering immediate alerts. JIT access removes this constant open door. Related Content [What Is Identity and Access Management (IAM)? Learn how IAM serves as the foundation for modern security, including the critical role of "Least Privilege" and how Just-in-Time principles prevent over-provisioned accounts.](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) [A Leader in Secure Remote Access for OT/ICS Discover how Just-in-Time (JIT) access is implemented via the Prisma Access Browser to provide secure, temporary connectivity for third parties and contractors without requiring pe...](https://www.paloaltonetworks.com/blog/network-security/a-leader-in-secure-remote-access-for-ot-ics/?ts=markdown) [ZTNA 2.0: The New Standard for Securing Access Explore the definitive whitepaper on ZTNA 2.0, which details how Just-in-Time access and continuous trust verification overcome the "allow and forget" risks of legacy VPNs.](https://www.paloaltonetworks.com/resources/whitepapers/ztna-2-0-the-new-standard-for-securing-access?ts=markdown) [Setting up Just-in-Time Provisioning on Okta A step-by-step guide for administrators to configure JIT provisioning and SAML assertions within Prisma Cloud and Okta to automate user access on the fly.](https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/setup-sso-integration-on-prisma-cloud/set-up-jit-on-okta) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Just-In-Time%20Access%3F&body=Learn%20how%20just-in-time%20%28JIT%29%20access%20eliminates%20standing%20privileges%2C%20supports%20Zero%20Trust%2C%20reduces%20your%20attack%20surface%2C%20and%20minimizes%20risk%20from%20compromised%20accounts%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-defense-in-depth?ts=markdown) What Is Defense-in-Depth?: A Layered Cybersecurity Strategy [Next](https://www.paloaltonetworks.com/cyberpedia/zero-standing-privileges?ts=markdown) Zero Standing Privileges: Protecting Enterprise Access Control {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language