One risk IAM administrators are very familiar with is having a lack of control over credentials. Once credentials that grant privileged operations are lost or shared without permissions, they can be used to give unauthorized people elevated access to resources. A reasonable prevention strategy is to use a Just-in-Time (JIT) access model to make all access temporary by default, and reduce overall time access is granted to mission-critical systems. For organizations that use AWS and Okta, Okta administrators can leverage the power of Okta Access Requests to grant JIT access before anyone can access AWS resources. Adding a layer of defense with JIT One way of adding protection against unintended credential use is by using AWS’s IAM Identity Center combined with Okta to ensure AWS access is only granted by using a strong identity coupled with MFA authentication, such as Okta FastPass, WebAuthN, and device posture. Beyond enforcing strong MFA.