Enabling Just-In-Time for a Tenant

Before setting up Just-In-Time (JIT) for a tenant with single or multiple authentication profiles, go through the following preliminary steps.

  1. Create a SAML/ADFS Authentication Profile in Platform. See Configuring SAML or ADFS Authentication for a tenant for more information. While creating the new profile, ensure that the Just-In-Time for SAML and Validate User Fields on creation options are enabled.

  2. Provide the following user field mappings in the Mapping section of the authentication profile.

    loginName=mailAddress

    lastName=lastName

    firstName=firstName

    role=role

    custId=custId

    email=mailAddress

  3. Configure your Identity Provider (IdP) in the SAML Authentication section of the authentication profile.

  4. Ensure that the Identity Provider (IdP) values mapped to the user fields are correct.

Single Authentication Profile Login with JIT enabled

  1. Suppose there is only one authentication profile configured with Just-In-Time enabled. Log in to your Platform account using a URL similar to the following.

    http://localhost:8080/router/login/loginPrivate.jsp?custId=<CustId>

  2. Enter your User Name and click Login.

  3. You are redirected to your Identity Provider's (IdP) Login Page. Enter your IdP credentials.

  4. On successful authentication, the new user is created and redirected to the Infinite Blue Platform landing page (as configured for the user role).

Multiple Authentication Profile Login with JIT enabled

  1. Suppose you have more than one authentication profile configured with Just-In-Time enabled. Log in to your Platform account using a URL similar to the following.

    http://localhost:8080/router/login/loginPrivate.jsp?custId=<CustId>

  2. Enter your User Name. Select your corresponding Authentication Profile from the dropdown and click Login.

  3. You are redirected to your corresponding Identity Provider's (IdP) Login Page. Enter your IdP credentials.

  4. Once authenticated, the new user is created and redirected to the Infinite Blue Platform landing page (as configured for the user role).

Note: In addition to the basic mandatory field (loginName), the following attributes are mandatory.
  • Role ID.
  • Email.
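
A pre-flight check for the field mappings and the mandatory attributes listed above, added here as an example and not Platform code: it applies the mappings to the attributes an IdP releases and reports any mandatory field that would arrive empty at JIT user creation. It assumes each mapping reads platformField=idpAttribute and that Role ID is delivered through the role field; the sample AttributeStatement is constructed.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Mappings from the page; assumed to read platformField=idpAttribute.
MAPPING = {
    "loginName": "mailAddress", "lastName": "lastName",
    "firstName": "firstName", "role": "role",
    "custId": "custId", "email": "mailAddress",
}
# Mandatory per the page's note; "Role ID" is assumed to be the "role" field.
MANDATORY = ("loginName", "role", "email")

# Constructed sample: an AttributeStatement that releases no "role" attribute.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="mailAddress"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="custId"><saml:AttributeValue>12345</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def idp_attributes(xml_text):
    """Return {attribute name: [non-empty values]} from an AttributeStatement."""
    # Mapping check only: this does not verify the assertion's signature.
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter(SAML + "Attribute"):
        values = [(v.text or "").strip() for v in attr.findall(SAML + "AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def check_mapping(xml_text):
    """Apply MAPPING and return (user_fields, problems)."""
    attrs = idp_attributes(xml_text)
    fields, problems = {}, []
    for field, source in MAPPING.items():
        values = attrs.get(source, [])
        if len(values) == 1:
            fields[field] = values[0]
        elif len(values) > 1:  # ambiguous, e.g. two roles released for one user
            problems.append("%s: IdP attribute %r has %d values" % (field, source, len(values)))
        elif field in MANDATORY:
            problems.append("%s: mandatory, IdP attribute %r missing or empty" % (field, source))
    return fields, problems


if __name__ == "__main__":
    print(check_mapping(SAMPLE))
```

Running it against the attributes captured from a test login shows which IdP claim rules still need to be added before the first JIT login is attempted.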