Just-in-time (JIT) provisioning is a method of application account creation. JIT integrates your Active Directory services, your IdP (Passly), and your web application (BMS).
With JIT implemented in BMS, AD users are created and provisioned when they sign on to the BMS portal. This eliminates the need for manual user creation and automates employee/end-user onboarding.
To set up your JIT directory with BMS, perform the following steps:
Prerequisites in Passly:
- SAML-based single sign-on is enabled.
- The end users/groups should have the SAML app assigned in Passly Applications.
- The domain and security groups should be present and match the mapping rules set up in BMS.
- The user account should have an email address associated with it.
Enable JIT Provisioning
Just-in-Time (JIT) provisioning is set up on the BMS Authentication page.
- In BMS, navigate to Admin > My Company > Auth and Provision.
- Choose SSO JIT Provisioning.
- Set default values under Employee Defaults; these will be assigned to the users being provisioned.
- Add Mapping Rules to start provisioning Active Directory Groups to BMS.
- Multiple rules can be added to establish mapping for different security groups.
- Save your settings.
- Users will be auto-provisioned into BMS based on your Active Directory domain and security group/user mappings.
- The provisioned user will be attached to the account defined in Employee Defaults.