JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

What is Just-in-Time (JIT) Provisioning?



Just-in-Time (JIT) provisioning can play a key role in automating IT workflows and saving time. We’ll examine what it is, how it works, and why it’s a boon to IT admins.

Just-in-Time Provisioning Defined

JIT provisioning is a method of automating user account creation for web applications. It uses the SAML (Security Assertion Markup Language) protocol to pass information from the identity provider to web applications.

So, when a new user tries to log in to an authorized app for the first time, they trigger the flow of information from the identity provider to the app that’s needed to create their account. 

How JIT SAML Provisioning Works

In establishing JIT provisioning, admins need to configure a single sign-on (SSO) connection between the identity provider and the target service provider (web application) and ensure they’ve included the user attributes the service provider requires.

Then, when new users try to log in to the application for the first time, they will trigger the creation of their account automatically, rather than requiring an admin or manager to create the account for them during onboarding. The service provider receives the information it needs from the identity provider via SAML assertions.

Admins can implement this workflow through a centralized cloud identity provider or an SSO provider layered on top of their legacy directory. During configuration, they need to make sure the intended service provider also supports JIT provisioning. Examples of popular service providers that support JIT provisioning include the Atlassian® suite, Slack®, and Drift™.

Implementing JIT provisioning directly from a cloud identity provider is the most streamlined approach to take because admins can then set application permissions by role or group and revoke application access from one central place.

Benefits of JIT Provisioning

The process of creating application accounts for a handful of employees might be manageable, but scaling organizations should automate workflows rather than doing the process manually ad nauseum.

JIT is a powerful feature to allow IT admins to offload a tedious and perpetual task and save time for other needs in their organizations. The more processes admins can automate, the more they reduce the chance for error, too, like giving a user a higher access level in an application than they need.

Although JIT provisioning requires some legwork during the initial configuration between the identity and service providers, it promises to pay dividends in the long run.

The end goal should be to provision a user once in the central directory and automate the processes to provision their access elsewhere. JIT is one piece in this user lifecycle management process.

Learn More

Do you want to learn more about JIT provisioning? This guide to automating user onboarding will walk you through how JIT fits into a broader automation strategy.


Recent Posts
See all of the new features and updates available in Directory-as-a-Service in the July '20 edition of the JumpCloud Newsletter.

Blog

July ’20 Newsletter

See all of the new features and updates available in Directory-as-a-Service in the July '20 edition of the JumpCloud Newsletter.

You should be celebrated on SysAdmin Appreciation Day, and you can also treat yourself with these five time-savers and tools in JumpCloud.

Blog

SysAdmin Day: 5 Ways to Treat Yourself with JumpCloud

You should be celebrated on SysAdmin Appreciation Day, and you can also treat yourself with these five time-savers and tools in JumpCloud.

IT admins save time and money by automating the management of longterm Linux infrastructure. DaaS helps you automate Linux management for free.

Blog

Automate Linux Management

IT admins save time and money by automating the management of longterm Linux infrastructure. DaaS helps you automate Linux management for free.