You configure Just-in-Time user provisioning for a third-party identity provider while creating or updating the identity provider in the Workspace ONE Access service.

When you enable Just-in-Time provisioning, you create a new Just-in-Time directory and specify one or more domains for it. Users belonging to these domains are added to the directory.

You must specify at least one domain. The domain name must be unique across all the directories in the Workspace ONE Access service. If you specify multiple domains, SAML assertions must include the domain attribute. If you specify a single domain, it is used as the domain for SAML assertions without a domain attribute. If a domain attribute is specified, its value must match one of the domains otherwise login fails.

Procedure

  1. Log in to the Workspace ONE Access console.
  2. Click the Identity & Access Management tab, then click Identity Providers.
  3. Click Add Identity Provider or select an identity provider.
  4. In the Just-in-Time User Provisioning section, click Enable.
  5. Specify the following information.
    • A name for the new Just-in-Time directory.
    • One or more domains.
      Important: The domain names must be unique across all directories in the tenant.

    For example:


    Create Identity Provider

  6. Complete the rest of the page and click Add or Save.