Just in Time (JIT) Provisioning
JIT provisioning allows the creation of user accounts via SAML authentication. If an app supports this, and is SAML enabled with Bitium, it will be possible for a Bitium admin to assign the app to users within Bitium, who do not yet have accounts in the app. Upon authenticating via SAML for the first time, an account will be created within the app for them.
Each app has slightly different requirements for the values that are passed over, but we generally will try to provide the user’s first name, last name, and email as they appear in Bitium for the values given to the new account.
Not all SAML apps support this. For some apps, there is an option to turn this on/off when configuring SAML within the app. If the app doesn’t support it, or the option is turned off, it will simply mean that a user must exist within the app (usually with an email address that matches their Bitium email address) for a SAML authentication request to correctly go through. In this case, an admin could invite or create a user within the admin section of the app, prior to assigning that user the SAML-enabled app in Bitium.
If you have any questions on a particular app and any JIT capabilities it supports, please let us know. We’ll be happy to help you!