Just-In-Time Provisioning

Organizations using Flexera One's SAML 2.0 single sign-on may enable Just-in-Time (JIT) Provisioning for their Identity Providers (IdP) to automate user creation and Group Sync to synchronize groups from their IdP to Flexera One.

Once an IdP is connected to Flexera One by an administrator, the next step is to add the remaining users in the IdP to Flexera One. To add users, email invitations can be sent to individual users from the Flexera One UI, but this is not practical for organizations having more than a few users. Only users who have already been added to Flexera One can login through their organization’s IdP, unless JIT Provisioning is enabled. JIT Provisioning automatically adds users to Flexera One when they login.

The following table describes the behavior for a user who does not exist in Flexera One logging in through an IdP with JIT Provisioning either disabled or enabled.

JIT Provisioning Setting

Description

Disabled

Login is rejected

Enabled

User is automatically added to Flexera One and login succeeds

Required SAML 2.0 Assertion Attributes

The following user attributes must be included in the assertion sent by the IdP to Flexera One for a user to be successfully JIT provisioned.

User Attribute

Description

firstName

The user's given name

lastName

The user's surname

Caution:If any of the above required attributes are missing, JIT Provisioning fails, and the user is unable to login to Flexera One.

Caution:For organizations using Azure Active Directory (AD), do not populate the optional Namespace field for either of the claims (attributes) shown following.

After a User is JIT-Provisioned

Note:Users onboarded to Flexera One by JIT Provisioning do not have passwords, and may only login to Flexera One with single sign-on.

Users created as a result of JIT Provisioning will be affiliated to IdP’s organization, but will not automatically be granted any roles. An administrator may add the user to pre-configured Flexera One groups, or grant roles to directly to the user in Flexera One's User Management, after they have been created through JIT Provisioning.