As an IT admin, you may have mixed feelings when a new user is added to your organization. On one hand, it’s exciting to have new talent working alongside you. On the other hand, adding a new user to your network can be a source of dread.
Provisioning users to all their IT resources is time-consuming and tedious, especially when your organization uses a mixture of cloud and on-prem applications. Fortunately, innovations like SAML Just-In-Time (JIT) provisioning can alleviate this pressure. Here’s how SAML JIT provisioning makes onboarding easier.
What is SAML Supported JIT Provisioning?
SAML (Security Assertion Markup Language) is a protocol that allows identity providers to pass authorization credentials to service providers. In other words, it allows users to log in to multiple websites or applications using only one set of credentials. SAML also allows IT organizations to use software-as-a-service (SaaS) solutions while maintaining a secure identity access management (IAM) system.
Meanwhile, JIT provisioning is a method that automates part of the onboarding process by streamlining user account creation. When a user first logs in to an application, JIT uses the SAML protocol to search the identity provider for a user with the same identifying factor –– such as email or username. If one is found, the end user will automatically be provisioned to that application. Alternatively, the user can go through their portal, click on the icon for the app, and the account is provisioned for them.
If the user hasn’t been entered into the identity provider (IdP), they can’t log in to the application and they won’t have an account until one is made. Also, if you don’t detail user attributes beforehand, any permissions they should have won’t be applied until you do so manually. So although JIT provisioning automates part of the process, you still need to manually create the user’s account first one-time within the IdP. JIT provisioning automatically creates all other accounts for that user afterward.
You only need to enter the user into the identity provider and detail user attributes once for JIT provisioning to work. Once the end user is added, JIT provisioning automatically creates an account for them the first time they launch an application they’re authorized to access. This can dramatically cut down on the time spent onboarding new users.
For example, if you have 30 applications, JIT takes care of the provisioning process you would have had to do 30 times over. You no longer need to go into various applications and set up an account for each person.
This quality of life improvement applies to both you and end users –– they don’t constantly need to ask for access to applications, and you spend less time hammering out support tickets.
How to Implement JIT Provisioning
Implementing JIT provisioning through JumpCloud® makes the process even more streamlined. We provide you with a number of preconfigured SAML connectors and the SAML 2.0 Generic Connector, along with a host of apps enabled with JIT, so that you can Make Work HappenTM without too many headaches.