Configure just-in-time provisioning

Supported in:

SOAR

This document explains how to configure just-in-time (JIT) provisioning for Okta users and Azure users.

With JIT enabled, Google Security Operations SOAR automatically creates the user after a successful SAML sign-in from the configured Identity Provider (IdP), such as Okta or Google Workspace.

Define JIT provisioning for Okta users

In Google SecOps SOAR, go to Settings > Advanced > External Authentication.
Select Okta and enter the required parameters.
Select the JIT provisioning checkbox to display the mapping fields.
In Okta, click Directory > Profile Editor. Copy the exact field names and enter them into the corresponding fields in Google SecOps SOAR.
Confirm the fields are are identical in the Google SecOps SOAR platform and in Okta, and then save.

Define JIT provisioning for Azure users

In Google SecOps SOAR, go to Settings > Advanced > External Authentication.
Select Azure and enter the required parameters.
Select the JIT provisioning checkbox to display the mapping fields, then use the following standard claim URIs:

First Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname.
Last Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname.
User Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
Email Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name. The Email Attribute can also sometimes be seen as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.

Note: If Google SecOps SOAR expects the LoginID to be the user's email, set NameID to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and map Email to NameID in your IdP.

Need more help? Get answers from Community members and Google SecOps professionals.