Configuring Just-In-Time (JIT) Provisioning
Overview
Flosum supports Just-In-Time (JIT) Provisioning for both OIDC and SAML identity providers. JIT Provisioning automatically creates and updates user accounts in Global Settings when a user first logs in via SSO. Since the identity provider supplies user information, JIT Provisioning saves time by eliminating the need to manually create users. Your identity provider must be properly configured before you enable JIT Provisioning.
You can use SCIM as an alternative to JIT Provisioning, or combine the two. The SCIM API automates user provisioning in your Flosum tenant, letting you provision, manage, and deprovision users seamlessly. For more details about SCIM, see the article below.
Enabling JIT Provisioning
You enable JIT Provisioning for an identity provider when you create or edit that identity provider.
Check the Just-In-Time Provisioning checkbox to enable this feature.
Click Save to save the change.

For more details about creating or editing an identity provider, see the following articles.
Identity Provider Mapped Attributes
For an identity provider to be able to use JIT Provisioning to add user accounts to your Flosum tenant, you must configure your identity provider to map user attributes to specific values. See the following table for a list of the attributes.
uniqueUserId: The ID used by the identity provider to identify user accounts.
firstName: The first or given name of the user.
lastName: The last name or surname of the user.
The email address of the user.
The following sections provide information on configuring specific identity providers to work with JIT Provisioning.
Microsoft Entra ID Attribute Mapping
Log in to your Entra ID account.
Access the SAML Attributes & Claims page.
Ensure your Attributes & Claims are correctly set. See the screenshot and table below.

userUniqueId: user.objectid
firstName: user.givenname
lastName: user.surname
user.mail
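To confirm the mapping above before relying on JIT Provisioning, the following added example (not Flosum's or Microsoft's code) checks the AttributeStatement of a SAML assertion captured from a test login for the mapped claims. It assumes claim names must match exactly and that each claim carries a single non-empty value; the assertion shown is constructed sample data, and because the email claim's name does not appear on this page you add it to `required` yourself.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim names as listed in the Entra ID mapping on this page. The email
# claim's name is not shown there, so callers append it themselves.
PAGE_CLAIMS = ["userUniqueId", "firstName", "lastName"]

# Constructed sample: one correct claim, one wrong-case name, one empty value.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="userUniqueId">
      <saml:AttributeValue>00000000-0000-0000-0000-000000000001</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="firstname">
      <saml:AttributeValue>Ada</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue/></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_jit_claims(assertion_xml, required=PAGE_CLAIMS):
    """Return {claim: problem} for each required claim that JIT could not use.

    This inspects claim names and values only; it does not verify the
    assertion's signature, so run it on assertions from your own test login.
    """
    root = ET.fromstring(assertion_xml)
    seen = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        seen.setdefault(attr.get("Name", ""), []).extend(values)
    by_lower = {name.lower(): name for name in seen}
    problems = {}
    for claim in required:
        if claim not in seen:
            near = by_lower.get(claim.lower())
            problems[claim] = f"sent as '{near}' (case differs)" if near else "missing"
        elif not any(seen[claim]):
            problems[claim] = "empty value"
        elif len(seen[claim]) > 1:
            problems[claim] = "multiple values"
    return problems


if __name__ == "__main__":
    for claim, problem in check_jit_claims(SAMPLE).items():
        print(f"{claim}: {problem}")
```

An empty result means every required claim arrived under the expected name with one value.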

