Users provisioned through Just-in-Time provisioning are added to groups based on their user attributes and derive their resources entitlements from the groups to which they belong. Before you configure Just-in-Time provisioning, ensure that you have local groups in the service. Create one or more local groups, based on your needs. For each group, set the rules for group membership and add entitlements.


  1. In the VMware Identity Manager console, click the Users & Groups tab.
  2. Click Create Group, provide a name and description for the group, and click Add.
  3. In the Groups page, click the new group.
  4. Set up users for the group.
    1. In the left pane, select Users in This Group.
    2. Click Modify Users in This Group and set the rules for group membership.
  5. Add entitlements to the group.
    1. In the left pane, select Entitlements.
    2. Click Add Entitlements and select the applications and the deployment method for each application.
    3. Click Save.