{"id":43730,"date":"2020-01-17T09:00:00","date_gmt":"2020-01-17T16:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=43730"},"modified":"2022-10-20T16:30:51","modified_gmt":"2022-10-20T20:30:51","slug":"difference-between-saml-sso-jit","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit","title":{"rendered":"Difference Between SAML SSO & Just-in-Time (JIT) Provisioning"},"content":{"rendered":"\n

With the explosion of web applications, organizations have sought single sign-on (SSO)<\/a> solutions to enable more efficient integration with their core directory services. Here, we\u2019ll explore the difference between SAML SSO and Just-in-Time (JIT) provisioning, two concepts that affect the way users access web applications.<\/p>\n\n\n\n

What is SAML SSO?<\/h2>\n\n\n\n

The SAML (Security Assertion Markup Language)<\/a> protocol was created in the early 2000s to enable secure authentication between identity providers and service providers (i.e. web applications). SAML is secure because it passes XML-based certificates that are unique to each application rather than passing user credentials.<\/p>\n\n\n\n

Using SAML, organizations created SSO solutions that simplified the login process. Instead of creating new sets of credentials for every web application they used, users could leverage their Active Directory\/core directory credentials to access both their machines and their web applications via a browser plugin or web portal.<\/p>\n\n\n\n

SAML SSO occurs either through service provider- or identity provider-initiated sign-ons. In service provider-initiated sign-ons, users visit the website of the application directly and are redirected back to their identity provider by an attribute such as their domain name or username. They are then logged into the application through their identity provider automatically. In identity provider-initiated sign-ons, employees click through their SSO web portal to access the application. In either case, the service provider never receives or tracks their credentials.<\/p>\n\n\n\n

SSO providers<\/a> often offer both pre-built and generic connectors to give organizations flexibility in connecting to both popular and proprietary applications. Pre-built connectors work for popular applications like Slack, Salesforce, GitHub, and thousands more, while generic connectors let admins fill in the necessary fields to connect to applications that aren\u2019t as widely accessible. These solutions save time not only for end users (who spend 36 minutes a month on password activities, according to LastPass<\/a>) but also for IT admins who need to securely manage user provisioning and passwords.<\/p>\n\n\n\n

What is Just-in-Time Provisioning?<\/h2>\n\n\n\n

Just-in-Time provisioning<\/a> also uses the SAML protocol, and it refers to a method of application account creation.<\/p>\n\n\n\n

With JIT, IT admins no longer need to create accounts manually for each user in each application they use. Instead, user accounts are created the first time users try to log in to applications, as long as they have permissions for them.<\/p>\n\n\n\n

For example, IT admins can automatically grant Salesforce access to all users in the sales department, and those users\u2019 accounts are created the first time they try to log in to Salesforce through their SSO portal or by a service provider-initiated log in.<\/p>\n\n\n\n

It\u2019s important to note the service provider (web application) must support JIT for this implementation to work.<\/p>\n\n\n\n

Comparing SAML SSO and JIT Provisioning<\/h2>\n\n\n\n

Both SAML SSO and JIT provisioning play a part in providing a seamless application login experience for users, and they can be used in conjunction.<\/p>\n\n\n\n

Web application SSO<\/a> implementation has a noticeable effect on user experience because users only have to enter their credentials once per session to access all their applications they need to get work done during the day.<\/p>\n\n\n\n

Although user experience doesn\u2019t change dramatically when an organization uses JIT provisioning, the process makes onboarding more efficient and IT operations more streamlined. JIT is a behind-the-scenes tool to buy IT admins more time to dedicate to other critical tasks.<\/p>\n\n\n\n

Both SAML SSO and JIT Provisioning also increase organizational security and prevent identity sprawl because they ensure users have only one secure identity for their machines, other directory-managed resources, and applications \u2014 rather than repeated or similar passwords across services \u2014 and decrease the manual provisioning tasks admins have to do. <\/p>\n\n\n\n

Learn More<\/h2>\n\n\n\n

If you\u2019re an IT admin exploring what SSO solution would be best tailored to your environment, we\u2019ve put together a guide to choosing an SSO solution<\/a> \u2014 check it out!<\/p>\n","protected":false},"excerpt":{"rendered":"

Learn about the difference between SAML SSO and Just-in-Time (JIT) provisioning and the role each plays in connecting users to applications.<\/p>\n","protected":false},"author":89,"featured_media":43732,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[2337],"tags":[],"collection":[2780],"platform":[],"funnel_stage":[3016],"coauthors":[2545],"acf":[],"yoast_head":"\nDifference Between SAML SSO & Just-in-Time (JIT) Provisioning - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn about the difference between SAML SSO and Just-in-Time (JIT) provisioning and the role each plays in connecting users to applications.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Difference Between SAML SSO & Just-in-Time (JIT) Provisioning\" \/>\n<meta property=\"og:description\" content=\"Learn about the difference between SAML SSO and Just-in-Time (JIT) provisioning and the role each plays in connecting users to applications.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-17T16:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-10-20T20:30:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/01\/difference-between-saml-sso-jit.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"780\" \/>\n\t<meta property=\"og:image:height\" content=\"519\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cassa Niedringhaus\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cassa Niedringhaus\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit\"},\"author\":{\"name\":\"Cassa Niedringhaus\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562\"},\"headline\":\"Difference Between SAML SSO & Just-in-Time (JIT) Provisioning\",\"datePublished\":\"2020-01-17T16:00:00+00:00\",\"dateModified\":\"2022-10-20T20:30:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit\"},\"wordCount\":636,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/01\/difference-between-saml-sso-jit.jpg\",\"articleSection\":[\"Remote Work\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit\",\"url\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit\",\"name\":\"Difference Between SAML SSO & Just-in-Time (JIT) Provisioning - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/01\/difference-between-saml-sso-jit.jpg\",\"datePublished\":\"2020-01-17T16:00:00+00:00\",\"dateModified\":\"2022-10-20T20:30:51+00:00\",\"description\":\"Learn about the difference between SAML SSO and Just-in-Time (JIT) provisioning and the role each plays in connecting users to applications.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/01\/difference-between-saml-sso-jit.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/01\/difference-between-saml-sso-jit.jpg\",\"width\":780,\"height\":519},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Difference Between SAML SSO & Just-in-Time (JIT) Provisioning\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562\",\"name\":\"Cassa Niedringhaus\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/47c9209225a9cda7d94451f40f9aa273\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g\",\"caption\":\"Cassa Niedringhaus\"},\"description\":\"Cassa is a product marketing specialist at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she\u2019s not at work, she likes to hike, ski and read.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Difference Between SAML SSO & Just-in-Time (JIT) Provisioning - JumpCloud","description":"Learn about the difference between SAML SSO and Just-in-Time (JIT) provisioning and the role each plays in connecting users to applications.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit","og_locale":"en_US","og_type":"article","og_title":"Difference Between SAML SSO & Just-in-Time (JIT) Provisioning","og_description":"Learn about the difference between SAML SSO and Just-in-Time (JIT) provisioning and the role each plays in connecting users to applications.","og_url":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit","og_site_name":"JumpCloud","article_published_time":"2020-01-17T16:00:00+00:00","article_modified_time":"2022-10-20T20:30:51+00:00","og_image":[{"width":780,"height":519,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/01\/difference-between-saml-sso-jit.jpg","type":"image\/jpeg"}],"author":"Cassa Niedringhaus","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cassa Niedringhaus","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit"},"author":{"name":"Cassa Niedringhaus","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562"},"headline":"Difference Between SAML SSO & Just-in-Time (JIT) Provisioning","datePublished":"2020-01-17T16:00:00+00:00","dateModified":"2022-10-20T20:30:51+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit"},"wordCount":636,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/01\/difference-between-saml-sso-jit.jpg","articleSection":["Remote Work"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit","url":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit","name":"Difference Between SAML SSO & Just-in-Time (JIT) Provisioning - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/01\/difference-between-saml-sso-jit.jpg","datePublished":"2020-01-17T16:00:00+00:00","dateModified":"2022-10-20T20:30:51+00:00","description":"Learn about the difference between SAML SSO and Just-in-Time (JIT) provisioning and the role each plays in connecting users to applications.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/01\/difference-between-saml-sso-jit.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/01\/difference-between-saml-sso-jit.jpg","width":780,"height":519},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/difference-between-saml-sso-jit#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Difference Between SAML SSO & Just-in-Time (JIT) Provisioning"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562","name":"Cassa Niedringhaus","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/47c9209225a9cda7d94451f40f9aa273","url":"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g","caption":"Cassa Niedringhaus"},"description":"Cassa is a product marketing specialist at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she\u2019s not at work, she likes to hike, ski and read.","sameAs":["https:\/\/jumpcloud.com\/blog"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/43730"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/89"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=43730"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/43730\/revisions"}],"predecessor-version":[{"id":70719,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/43730\/revisions\/70719"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/43732"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=43730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=43730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=43730"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=43730"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=43730"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=43730"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=43730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}