Just-in-Time (JIT) provisioning can play a key role in automating IT workflows and saving time. We’ll examine what it is, how it works, and why it’s a boon to IT admins.
Just-in-Time Provisioning Defined
JIT provisioning is a method of automating user account creation for web applications. It uses the SAML (Security Assertion Markup Language) protocol to pass information from the identity provider to web applications.
When a new user logs in to an authorized app for the first time, that login triggers the identity provider to send the app the information it needs to create their account.
How JIT SAML Provisioning Works
To set up JIT provisioning, admins need to configure a single sign-on (SSO) connection between the identity provider and the target service provider (web application) and ensure that the connection includes the user attributes the service provider requires.
Then, when new users try to log in to the application for the first time, they will trigger the creation of their account automatically, rather than requiring an admin or manager to create the account for them during onboarding. The service provider receives the information it needs from the identity provider via SAML assertions.
Admins can implement this workflow through a centralized cloud identity provider or an SSO provider layered on top of their legacy directory. During configuration, they need to make sure the intended service provider also supports JIT provisioning. Examples of popular service providers that support JIT provisioning include the Atlassian® suite, Slack®, and Drift™.
Implementing JIT provisioning directly from a cloud identity provider is the most streamlined approach to take because admins can then set application permissions by role or group and revoke application access from one central place.
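The service-provider side of the flow described above, as an added example (not code from this article or from any vendor): on first login it checks the required attributes, creates the account, and assigns a role from group membership with a least-privilege default. The attribute names, group names, roles, and function names are all assumptions, and the assertion is assumed to have been signature-checked and validated before this code runs.

```python
# Added example: SP-side JIT provisioning from an already-verified SAML assertion.
# Every name here (REQUIRED_ATTRS, GROUP_ROLE, jit_login, attribute keys) is an assumption.

REQUIRED_ATTRS = ("email", "firstName", "lastName")   # attributes this SP requires
GROUP_ROLE = {"it-admins": "admin", "engineering": "member"}  # IdP group -> app role
ROLE_RANK = {"viewer": 0, "member": 1, "admin": 2}
DEFAULT_ROLE = "viewer"                                # least-privilege fallback


class ProvisioningError(Exception):
    """The assertion lacks what the SP needs to create an account."""


def role_for(groups):
    """Highest role granted by any mapped group; unmapped groups grant nothing."""
    roles = [GROUP_ROLE[g] for g in groups if g in GROUP_ROLE]
    return max(roles, key=ROLE_RANK.__getitem__, default=DEFAULT_ROLE)


def jit_login(accounts, name_id, attrs):
    """Return (account, created). `attrs` maps attribute name -> list of values,
    taken from an assertion whose signature, issuer, audience and validity
    window were checked upstream (assumed; not done here)."""
    if not name_id:
        raise ProvisioningError("missing NameID")
    account = accounts.get(name_id)
    if account is not None:
        return account, False          # returning user: no new account
    missing = [a for a in REQUIRED_ATTRS
               if not attrs.get(a) or not attrs[a][0].strip()]
    if missing:
        raise ProvisioningError("missing attributes: " + ", ".join(missing))
    account = {a: attrs[a][0].strip() for a in REQUIRED_ATTRS}
    account["role"] = role_for(attrs.get("groups", []))
    accounts[name_id] = account        # first login: create the account
    return account, True


if __name__ == "__main__":
    store = {}
    # Constructed sample attributes, as parsed from a verified assertion.
    sample = {"email": ["ana@example.com"], "firstName": ["Ana"],
              "lastName": ["Diaz"], "groups": ["engineering", "book-club"]}
    print(jit_login(store, "ana@example.com", sample))   # created, role "member"
    print(jit_login(store, "ana@example.com", sample))   # existing account reused
```

Rejecting an assertion with missing attributes, instead of creating a partial account, surfaces a misconfigured attribute mapping at the first test login.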
Benefits of JIT Provisioning
The process of creating application accounts for a handful of employees might be manageable, but scaling organizations should automate workflows rather than doing the process manually ad nauseam.
JIT provisioning is a powerful feature that lets IT admins offload a tedious and perpetual task and save time for other needs in their organizations. The more processes admins can automate, the more they reduce the chance for errors, too, such as giving a user a higher access level in an application than they need.
Although JIT provisioning requires some legwork during the initial configuration between the identity and service providers, it promises to pay dividends in the long run.
The end goal should be to provision a user once in the central directory and automate the processes to provision their access elsewhere. JIT is one piece in this user lifecycle management process.