Configuring just-in-time provisioning
PingFederate’s just-in-time (JIT) provisioning allows service providers (SPs) to create user accounts on the fly during single sign-on (SSO) events, based on attributes received in SSO tokens from identity providers (IdPs).
About this task
An SP can also use JIT provisioning to update existing user records.
This configuration task is presented in the administrative console only when the JIT Provisioning check box is selected on the Connection Options tab. |
Steps
-
Go to Authentication → Integration → IdP Connections.
-
Create a new IdP connection or select an existing IdP connection .
-
On the Connection Type tab, select the Browser SSO Profiles check box and a protocol from the list.
-
On the Connection Options tab, select the Browser SSO check box and then the JIT Provisioning check box.
-
Complete the Browser SSO configuration.
-
On the JIT Provisioning tab, click Configure User Provisioning to begin the configuration of JIT provisioning.