Just-in-Time user provisioning

"Just-in-time" (JIT) provisioning in a SAML configuration means that Google Security Operations SOAR creates the user account automatically after the user has logged in through the configured SAML identity provider (such as Okta or Gmail).

In order to set this up, the admin needs to both define all the relevant fields in the Google Security Operations SOAR platform and then match them with the relevant SAML provider. JIT can only be configured for one SAML provider.

This document shows you how to set up JIT provisioning for Okta users and Azure users.

To define JIT user provisioning for Okta users, do the following:

  1. Within the platform, navigate to Settings > Advanced > External Authentication.
  2. Select Okta and fill out the mandatory parameters.
  3. Select the JIT provisioning checkbox to display the relevant fields.
  4. In Okta, navigate to Directory > Profile Editor, note the exact name of each attribute as it is written there, and copy that name into the corresponding field in the Google Security Operations SOAR platform.
  5. Before saving, make sure each field in the Google Security Operations SOAR platform matches the Okta attribute name exactly (including case).

To define JIT user provisioning for Azure users, do the following:

  1. Within the platform, navigate to Settings > Advanced > External Authentication.
  2. Select Azure and fill out the mandatory parameters.
  3. Select the JIT provisioning checkbox to display the relevant fields and fill them out as follows:
    • First Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    • Last Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
    • User Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    • Email Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name. In some tenants the email is instead sent under http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress; check which claim your assertion actually carries before saving.
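To make the attribute matching concrete, the following added example (not code from Google Security Operations SOAR) reads the AttributeStatement of a SAML assertion, maps the Azure claim URIs listed above onto the four JIT user fields, tries both claim names the page gives for the email field, and refuses to build a user record when any field has no matching claim. The assertion fragment is constructed for the example; the field names `first_name`, `last_name`, `user_name` and `email` are assumptions, not the platform's internal names.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claim URIs from the Azure JIT field mapping above; the email field lists
# both claim names the page mentions, tried in that order.
CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
JIT_FIELDS = {  # hypothetical field names, not the platform's own
    "first_name": [CLAIM + "givenname"],
    "last_name": [CLAIM + "surname"],
    "user_name": [CLAIM + "name"],
    "email": [CLAIM + "name", CLAIM + "emailaddress"],
}


def extract_attributes(assertion_xml):
    """Return {attribute Name: first non-empty value} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        values = [v for v in values if v]
        if values:
            attrs[attr.get("Name")] = values[0]
    return attrs


def missing_claims(assertion_xml):
    """List JIT fields for which none of the configured claim names is present."""
    attrs = extract_attributes(assertion_xml)
    return [f for f, names in JIT_FIELDS.items() if not any(n in attrs for n in names)]


def map_jit_user(assertion_xml):
    """Build the user record; refuse to provision when any field is unmapped."""
    missing = missing_claims(assertion_xml)
    if missing:
        raise ValueError("cannot provision user, unmapped fields: " + ", ".join(missing))
    attrs = extract_attributes(assertion_xml)
    return {f: next(attrs[n] for n in names if n in attrs) for f, names in JIT_FIELDS.items()}


# Constructed sample assertion (not a real IdP response); only the part JIT reads.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AttributeStatement>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
<saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""
```

Running `map_jit_user(SAMPLE_ASSERTION)` yields a record whose user name and email both come from the `name` claim, which is the mapping the Azure configuration above produces.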