Ask the Community
Groups
Setting up Just-in-Time provisioning for SAML SSO - Connect IT Community | Kaseya
<main> <article class="userContent"> <p>Introduction</p> <p>If you are using SAML (Security Assertion Markup Language) SSO with an identity provider supporting SAML 2.0, your configuration may be further customized to allow for Just-in-Time provisioning. This allows you to have IT Glue users created automatically the first time they access IT Glue using SSO.</p> <p><strong>How it works</strong></p> <p>Just-in-Time provisioning works with your SAML identity provider to pass key identifying information to the connected application using SAML 2.0. In IT Glue, this is the email address used to authenticate with the SAML identity provider.</p> <p>Prerequisites</p> <ul><li>You must have Administrator level access to IT Glue.</li> <li>SAML SSO Provider supporting SAML 2.0</li> <li>You must already have single sign-on set up. Please see our <strong><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fitglue%2Fhc%2Fen-us%2Farticles%2F360004934017-Setting-up-single-sign-on-SSO-to-IT-Glue" rel="noopener nofollow">Setting up single sign-on (SSO) to IT Glue</a> </strong>KB article for more details.</li> </ul><p>Instructions</p> <ol><li>Under <strong>Enable SAML SSO</strong>, set <strong>Auto-Provision IT Glue Users</strong> to <strong>On</strong>, and choose a <strong>Role</strong> to be assigned to all new users created through Just-in-Time provisioning. You can also assign these users to security groups and grant organizational access. <p><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/HJ939STGCNJU/screen-shot-2019-01-24-at-1-58-28-pm.png" alt="Screen_Shot_2019-01-24_at_1.58.28_PM.png" width="552" height="437" class="embedImage-img importedEmbed-img"></img></p> </li> <li>Click <strong>Save</strong> to complete the process.</li> </ol><p>That's it! Now when a user has provisioned IT Glue in their SSO application, clicking through to IT Glue will automatically provision a user for them with your configured default role, group membership, and organization access.</p> <p>Common Questions</p> <div> <div> <div> <p><strong>Do automatically provisioned users count towards my license usage?</strong></p> </div> <div> <p>All non-Lite users provisioned using Just-in-Time provisioning count towards your paid license usage.</p> </div> </div> <div> <div> <p><strong>Can I de-provision users through my SAML identity provider?</strong></p> </div> <div> <p>User de-provisioning is not supported through the SAML application. Please see our <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Fitglue%2Fhc%2Fen-us%2Farticles%2F360004938478">Adding and removing users</a> KB article for more information on managing users.</p> </div> </div> </div> </article> </main>