What is Just-in-Time (JIT) Provisioning?

Written by Cassa Niedringhaus on February 3, 2020

Share This Article

Just-in-Time (JIT) provisioning can play a key role in automating IT workflows and saving time. We’ll examine what it is, how it works, and why it’s a boon to IT admins.

Just-in-Time Provisioning Defined

JIT provisioning is a method of automating user account creation for web applications. It uses the SAML (Security Assertion Markup Language) protocol to pass information from the identity provider to web applications.

So, when a new user tries to log in to an authorized app for the first time, they trigger the flow of information from the identity provider to the app that’s needed to create their account. 

How JIT SAML Provisioning Works

In establishing JIT provisioning, admins need to configure a single sign-on (SSO) connection between the identity provider and the target service provider (web application) and ensure they’ve included the user attributes the service provider requires.

Then, when new users try to log in to the application for the first time, they will trigger the creation of their account automatically, rather than requiring an admin or manager to create the account for them during onboarding. The service provider receives the information it needs from the identity provider via SAML assertions.

Admins can implement this workflow through a centralized cloud identity provider or an SSO provider layered on top of their legacy directory. During configuration, they need to make sure the intended service provider also supports JIT provisioning. Examples of popular service providers that support JIT provisioning include the Atlassian® suite, Slack®, and Drift™.

Implementing JIT provisioning directly from a cloud identity provider is the most streamlined approach to take because admins can then set application permissions by role or group and revoke application access from one central place.

Benefits of JIT Provisioning

The process of creating application accounts for a handful of employees might be manageable, but scaling organizations should automate workflows rather than doing the process manually ad nauseum.

JIT is a powerful feature to allow IT admins to offload a tedious and perpetual task and save time for other needs in their organizations. The more processes admins can automate, the more they reduce the chance for error, too, like giving a user a higher access level in an application than they need.

Although JIT provisioning requires some legwork during the initial configuration between the identity and service providers, it promises to pay dividends in the long run.

The end goal should be to provision a user once in the central directory and automate the processes to provision their access elsewhere. JIT is one piece in this user lifecycle management process.

Learn More

Do you want to learn more about JIT and SSO? This guide to automating user onboarding will walk you through how JIT fits into a broader automation strategy.

Cassa Niedringhaus

Cassa is a product marketing specialist at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she’s not at work, she likes to hike, ski and read.

Continue Learning with our Newsletter