As an IT admin, you may have mixed feelings when a new user is added to your organization. On one hand, it’s exciting to have new talent working alongside you. On the other hand, adding a new user to your network can be a source of dread.
Provisioning users to all their IT resources is time-consuming and tedious, especially when your organization uses a mixture of cloud and on-prem applications. Fortunately, innovations like SAML Just-In-Time (JIT) provisioning can alleviate this pressure. Here’s how SAML JIT provisioning makes onboarding easier.
What is SAML Supported JIT Provisioning?
SAML (Security Assertion Markup Language) is a protocol that allows identity providers to pass authorization credentials to service providers. In other words, it allows users to log in to multiple websites or applications using only one set of credentials. SAML also allows IT organizations to use software-as-a-service (SaaS) solutions while maintaining a secure identity access management (IAM) system.
Meanwhile, JIT provisioning is a method that automates part of the onboarding process by streamlining user account creation. When a user first logs in to an application, JIT uses the SAML protocol to search the identity provider for a user with the same identifying factor, such as email or username. If one is found, the end user will automatically be provisioned to that application. Alternatively, the user can go through their portal, click on the icon for the app, and the account is provisioned for them.
If the user hasn’t been entered into the identity provider (IdP), they can’t log in to the application and they won’t have an account until one is made. Also, if you don’t detail user attributes beforehand, any permissions they should have won’t be applied until you do so manually. So although JIT provisioning automates part of the process, you still need to create the user’s account manually, one time, within the IdP. JIT provisioning automatically creates all other accounts for that user afterward.
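The application side of the flow described above, as an added example that is not code from the original post or from JumpCloud: on first login the account is created from the assertion's NameID and attributes, and a missing role attribute leaves the account without permissions. It assumes a SAML library has already verified the assertion's signature, issuer, audience and validity window; the function names, role list and sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, trimmed). Assumption: signature,
# issuer, audience and validity were checked before this code ever runs.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="displayName"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>editor</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

ALLOWED_ROLES = {"viewer", "editor"}  # hypothetical application roles


def parse_assertion(xml_text):
    """Return (name_id, attributes) from an already-verified assertion."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id or not name_id.strip():
        raise ValueError("assertion has no NameID; refusing to provision")
    attrs = {}
    for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        vals = [v.text for v in a.findall("saml:AttributeValue", NS) if v.text]
        attrs[a.get("Name")] = vals
    return name_id.strip(), attrs


def jit_login(xml_text, accounts):
    """Look up the user by NameID; create the local account on first login."""
    name_id, attrs = parse_assertion(xml_text)
    if name_id in accounts:
        return accounts[name_id], False  # existing account, nothing created
    role = next(iter(attrs.get("role", [])), None)
    account = {
        "id": name_id,
        "display_name": next(iter(attrs.get("displayName", [])), name_id),
        # No usable role from the IdP means no permissions until set manually;
        # values outside the allow-list are never granted.
        "role": role if role in ALLOWED_ROLES else None,
    }
    accounts[name_id] = account
    return account, True
```

The `accounts` dictionary stands in for the application's user store; the second return value reports whether this login created the account.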
You only need to enter the user into the identity provider and detail user attributes once for JIT provisioning to work. Once the end (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Megan Anderson. Read the original post at: https://jumpcloud.com/blog/jit-provisioning-onboarding