Setting up Just-in-Time provisioning for SAML SSO

For partners subscribed to Enterprise plans.

For partners using SAML (Security Assertion Markup Language) SSO with an identity provider supporting SAML 2.0, your configuration may be further customized to allow for Just-in-Time provisioning which can create IT Glue users on the fly the first time they access IT Glue from their SSO application. If you know the Groups and/or Organizations you’d like such users to have access to, you can reduce the amount of time it takes to get a staff member access to IT Glue.

This feature also allows you to exercise as many restrictions to their Organizations access as you would normally have when creating an IT Glue user.

How it works

Just-in-Time provisioning works with your SAML identity provider to pass key identifying information to the connected application in a SAML 2.0 assertion. IT Glue's Just-in-Time provisioning works with your SAML identity provider to pass key identifying information to your connected application with a SAML 2.0 assertion. In IT Glue’s case, this is the email address used to authenticate into the SAML identity provider. Because this automated provisioning uses SAML to communicate, your IT Glue account must have SAML SSO enabled.

If you know the Groups and/or Organizations you’d like such users to have access to, you can reduce the amount of time it takes to get a staff member access to IT Glue.

You can also predefine and assign Groups and Organizations you’d like your SSO users to have access to. This will allow you to reduce the amount of time it takes to give a staff member access to IT Glue.

Your configuration may be further customized to allow for Just-in-Time provisioning which can create IT Glue users on the fly the first time they access IT Glue from their SSO application.

Prerequisites

  • Administrator level access to IT Glue
  • SAML SSO Provider supporting SAML 2.0
  • Your IT Glue account must have SAML SSO enabled and configured as described in
  • Completion of Single sign-on setup, please see our Setting up single sign-on (SSO) to IT Glue KB article for this.

Get started

1. Under Enable SAML SSO, toggle on Auto-Provision IT Glue Users.

Screen_Shot_2018-12-19_at_5.00.18_PM.png

2. Choose a Role appropriate for users created on the fly.

Screen_Shot_2018-12-19_at_5.02.29_PM.png

3. Select the Groups, if any, you would like users created on the fly to be a member of.

Screen_Shot_2018-12-19_at_5.10.48_PM.png 

4. Select the Organizations you would like users created on the fly to have access to.

Screen_Shot_2018-12-19_at_5.12.07_PM.png

5. Once satisfied with your settings, click Save.

Screen_Shot_2018-12-19_at_5.13.59_PM.png

Common Questions

How do automatically provisioned users count towards my license usage?
Non-Lite users that are provisioned automatically count towards your paid license usage.

Is the deprovisioning of users supported from my SAML identity provider?
Formal deprovisioning is unsupported from the SAML application. Learn more about managing your users here.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us