Skip to main content

JIT provisioning

Just-in-time (JIT) provisioning is a user provisioning method that automates the creation of user accounts in SixMap when a user first attempts to log in using Single Sign-On (SSO) or an email domain your organization specifies.

tip

To manage JIT provisioning, you must have the Admin role.

JIT provisioning and SCIM

If your organization integrates with your SSO identity provider (IdP) through SCIM, JIT provisioning can complement user account creation and removal in SixMap.

  • SCIM primarily handles proactive user provisioning and de-provisioning based on changes in the IdP, enabling centralized user lifecycle management.
  • JIT provisioning is a reactive method that creates user accounts on-demand, triggered by a user's first-time SSO login attempt, such as when SCIM provisioning hasn't yet occurred.
    info

    JIT provisioning and SCIM rely on consistent attribute mapping between the IdP and SixMap. For more information, see Attribute statements.

Enable JIT provisioning during onboarding

  1. Navigate to Administration, Organization.
  2. Select Edit from the User onboarding section.
  3. To allow users to automatically join based on your access control list, under JIT Provisioning, select:
    • Email domains: Allows JIT provisioning for users with email domains in the access control list.
    • SSO connections: SSO (Single Sign-On) allows users to authenticate through a centralized identity provider, such as Okta or Azure AD. This option enables JIT provisioning for users who are part of the allowed SSO connections defined in the access control list.
  4. Under Access control list, manage which email domains and SSO connections your organization allows.
    • To allow a specific email domain for email invitations or JIT provisioning, under Email domains, select Add domain, enter the domain, such as acme-corp.com, and select Save.
    • To add a SSO connection, under SSO connections, select Select connection, choose an identity provider, and select Save.
  5. Select Save.

Enable JIT provisioning for an SSO connection

  1. Navigate to Administration, SSO.
  2. Select the menu under Actions next to the SSO connection you want to edit, and select Edit connection.
  3. In the Authentication settings section, select Edit.
  4. To enable Just-In-Time (JIT) provisioning for users who successfully authenticate through this SSO connection, toggle the JIT provisioning option. For more information, see JIT provisioning.
  5. Select Save.