Enabling Just-In-Time in Global Authentication Mode

To provision Just-In-Time at the instance level, with the Single User Multi Tenant option either enabled or disabled, follow the steps below. Also ensure that the Just-In-Time for SAML and Validate User Fields on creation options are enabled when creating a new profile.

Configuring Just-In-Time with Single User Multi Tenant instance enabled

  1. From the Control Panel of the System Console, configure as represented in the following screenshot. Ensure that Just-In-Time, Validate User Fields on creation and Single User Multi Tenant are enabled in the Configuration section.

  2. Provide the following user field mappings in the Attribute Map of the authentication section.

  3. Configure the IdP settings (Okta is used as an example) as represented in the following screenshot.

  4. Ensure that the values mapped from the Identity Provider (IdP) to the user fields are correct.

Configuring Just-In-Time with Single User Multi Tenant instance disabled

  1. From the Control Panel of the System Console, configure as represented in the following screenshot. Ensure that Just-In-Time and Validate User Fields on creation are enabled and that the Single User Multi Tenant option is disabled in the Configuration section.

  2. Provide the following user field mappings in the Attribute Map of the authentication section.

  3. Configure the IdP settings (Okta is used as an example) as represented in the following screenshot.

  4. Ensure that the values mapped from the Identity Provider (IdP) to the user fields are correct.

Mandatory Fields

The following attributes are mandatory when configuring Just-In-Time in global authentication mode, in addition to the basic mandatory field (loginName):

  • Role ID
  • custId
  • Email
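
One way to carry out the "ensure the mapped values are correct" step against the mandatory fields above, as an added example that is not part of the product or its documentation: the script checks an Attribute Map against the AttributeStatement of a test assertion. The IdP attribute names, the `ATTRIBUTE_MAP` contents and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, use a hardened parser such as defusedxml

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Mandatory user fields named on this page (loginName plus the three JIT fields).
MANDATORY_FIELDS = ("loginName", "Role ID", "custId", "Email")

# Assumed Attribute Map: user field -> IdP attribute name (illustrative names).
ATTRIBUTE_MAP = {
    "loginName": "login",
    "Role ID": "roleId",
    "custId": "custId",
    "Email": "email",
}

# Constructed sample: custId is blank and the email attribute is not released.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="login"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="roleId"><saml:AttributeValue>1001</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="custId"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
"""

def assertion_attributes(statement_xml):
    """Return {IdP attribute name: [non-empty values]} from an AttributeStatement."""
    root = ET.fromstring(statement_xml)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    return attrs

def check_jit_mapping(attribute_map, statement_xml):
    """List problems that would leave a JIT-created user without a mandatory field."""
    attrs = assertion_attributes(statement_xml)
    problems = []
    for field in MANDATORY_FIELDS:
        idp_name = attribute_map.get(field)
        if not idp_name:
            problems.append(f"{field}: no entry in Attribute Map")
        elif idp_name not in attrs:
            problems.append(f"{field}: IdP attribute '{idp_name}' not in assertion")
        elif not attrs[idp_name]:
            problems.append(f"{field}: IdP attribute '{idp_name}' has no value")
    return problems

if __name__ == "__main__":
    for problem in check_jit_mapping(ATTRIBUTE_MAP, SAMPLE_STATEMENT):
        print(problem)
```

Run it with the AttributeStatement copied from the IdP's assertion preview for a test user; an empty result means every mandatory field is mapped and populated.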