Just-in-Time Group Membership Action

This action will add a user to the specified group for a specified time. This action can then be added to a controlling policy to give Just-in-Time elevation to a user. The action is a read-only action by default. To customize this macOS action for your endpoints, use the Duplicate option.

1. Navigate to Admin | Actions.

2. Search for and select Just-in-Time Group Membership from the list of available macOS actions.

3. Click Duplicate.

4. Enter a name for your newly created action and click Create.

   

5. Under Settings specify

   1. the Group Name as created on the endpoint.
   2. the Duration either
      • set a specific length of time, here you need to consider that authorization is started when the application starts, or
      • use the default as long as application is active.
   3. enable the Suppress password prompts from sudo while a member of the group if the user should not be prompted for the standard user password while in the group.

6. Click Save Changes.

The Suppress password prompts from sudo while a member of the group checkmark is intended for use with scripts that may execute multiple sudo commands, such as the Homebrew installer.

Refer to the topic macOS Homebrew Installer Support for details on the policy setup.