# Add JIT Admin
This page allows you to create a new JIT admin
| Option | Description |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Tenant selection | Use the dropdown to select the tenant for JIT Admin access |
| Template selection | If you have created templates, you are able to select one here to prepopulate many of the fields below. |
| User selection | Select if you would like to create a new user or use an existing user |
| Start Date | Sets the start date for JIT Admin access |
| End Date | Sets the end date and time for JIT Admin access |
| Admin Roles | Toggle on this option and then select the Entra ID admin roles you want assigned to the user. Remember: Use the principle of least privilege to only assign the role with the minimum set of permissions needed to complete your tasks. The roles are returned from the Microsoft API. If you are looking for Global Administrator, you need to select Company Administrator. |
| Group Membership | Toggle on this option and then select the groups you want this admin to have access to. |
| Reason | Enter the reason the JIT Admin is being requested. This will display on the table in [](https://docs.cipp.app/user-documentation/identity/administration/jit-admin "mention") |
| Generate TAP | Set this option to generate a Temporary Access Pass (TAP) to satisfy the need for strong authentication/MFA |
| Expiration Action | Select what you want to happen to the user at expiration of the JIT admin access requested. |
| Notification Action | Select the option or options for how you would like to be notified of JIT admin creation. Note that only options that are configured in CIPP settings will work. |
{% hint style="warning" %}
To use Temporary Access Passes (TAP), you must enable the authentication method in the customer tenant. \
This can be done easily via the CIPP Entra [templates](https://docs.cipp.app/user-documentation/tenant/standards/alignment/templates "mention"): "Enable Temporary Access Passwords"
{% endhint %}
***
## Feature Requests / Ideas
We value your feedback and ideas. Please raise any [feature requests](https://github.com/KelvinTegelaar/CIPP/issues/new?assignees=\&labels=enhancement%2Cno-priority\&projects=\&template=feature.yml\&title=%5BFeature+Request%5D%3A+) on GitHub.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.cipp.app/user-documentation/identity/administration/jit-admin/add.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.