The JIT Access Settings API allows organizations to define how long temporary access should last—and under what conditions. Admins can configure standing and maximum access durations, create custom expiry presets, and enforce approval policies like requiring justifications or second-party approval. This makes it easy to align access privileges with least-privilege principles and audit requirements, without slowing teams down.
Add a custom expiry duration
post
Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Body
timenumberRequired
unitstring · enumRequiredPossible values:
Responses
204
Custom expiry added
400
Bad request
401
Unauthorized
post
/expiry-options
No content
Remove a custom expiry duration
delete
Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
keystringRequired
Responses
204
Custom expiry removed
400
Bad request
401
Unauthorized
delete
/expiry-options/{key}
No content
Reset custom expiry durations
post
Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Responses
200
Reset expiry options
application/json
400
Bad request
401
Unauthorized
post
/expiry-options/_reset
Set custom standing access duration
put
Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Body
timenumberRequired
unitstring · enumRequiredPossible values:
Responses
200
Standing access configured
application/json
400
Bad request
401
Unauthorized
put
/standing-access-duration
Set custom maximum access duration
put
Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
