FAQ: How does Just-In-Time Provisioning work?

What is Just-In-Time Provisioning?

Just-In-Time (JIT) provisioning is an automated process that creates and configures a user account when the user signs in for the first time. This eliminates the need to create user accounts manually ahead of time. JIT provisioning is especially useful in SSO systems, where it simplifies user management, enhances security, and improves the user experience. JIT provisioning is only available to the team that has SSO enabled.

Note:

Existing users in the team who were onboarded before turning on SSO won't be affected by JIT provisioning. It applies only to new users or individuals signing in for the first time after SSO is turned on.

How Does JIT Provisioning Work for More Than One Team?

JIT provisioning is only available to the teams where SSO is enabled; the other teams are managed manually. For example, a customer has Team A and Team B, and SSO is enabled in Team A. When JIT provisioning is enabled for Team A, a user who signs in with SSO is added to Team A only.

How JIT Provisioning Works in Autodesk

When JIT provisioning is enabled, a user's first sign-in attempt triggers the JIT provisioning process. During this process:

  1. The system automatically creates a user account.

  2. The user account is added to the designated team where SSO is configured and turned on.

  3. The account is set up with the necessary user attributes.

When JIT provisioning is disabled, signing in with SSO is restricted for new users or users not assigned to your team. To grant them sign-in access through SSO, administrators must manually invite users to the team where SSO is enabled.
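The rules above interact with team scoping and with the email-domain note later on this page. The following added example (not Autodesk code) is a simplified model of one SSO sign-in attempt. The `Team` class, the `sso_sign_in` and `invite` functions, and the outcome strings are hypothetical, and applying the domain rule to both the JIT and the invite path is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class Team:
    """Hypothetical model of a team; not an Autodesk data structure."""
    name: str
    sso_enabled: bool = False
    jit_enabled: bool = False
    sso_domains: set = field(default_factory=set)  # domains tied to the SSO connection
    members: dict = field(default_factory=dict)    # email -> user attributes


def sso_sign_in(team, email, idp_attributes):
    """Return (outcome, reason) for one SSO sign-in attempt against one team."""
    email = email.strip().lower()
    domain = email.rpartition("@")[2]
    if not team.sso_enabled:
        return "denied", "SSO is not turned on for this team"
    if domain not in team.sso_domains:
        # Assumption: the domain rule is checked before anything else.
        return "denied", "email domain is not associated with the SSO connection"
    if email in team.members:
        # Users already in the team are not affected by the JIT setting.
        return "signed_in", "existing team member"
    if not team.jit_enabled:
        return "denied", "not in the team; an administrator must invite the user"
    # First sign-in with JIT on: create the account in this team only,
    # set up with the attributes received at sign-in.
    team.members[email] = dict(idp_attributes)
    return "provisioned", "account created by JIT provisioning"


def invite(team, email):
    """Manual path used when JIT provisioning is disabled."""
    team.members[email.strip().lower()] = {}


if __name__ == "__main__":
    # Constructed sample data: Team A has SSO and JIT on, Team B is managed manually.
    team_a = Team("Team A", sso_enabled=True, jit_enabled=True,
                  sso_domains={"example.com"})
    team_b = Team("Team B")
    for address in ("new.user@example.com", "new.user@example.com",
                    "guest@other.test"):
        print(address, sso_sign_in(team_a, address, {"first_name": "New"}))
    print("Team B members:", team_b.members)
```
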

Managing JIT Provisioning

SSO administrators can enable or disable Just-In-Time (JIT) provisioning before and after turning on SSO.

Before turning on SSO

To enable JIT provisioning before turning on SSO, click the checkbox "Allow JIT provisioning to give SSO access to new users."

After turning on SSO

To enable JIT provisioning after turning on SSO, click Edit SSO access under your SSO connection in Autodesk Account.

Inviting Users To SSO Access When JIT Provisioning is Disabled

When JIT provisioning is disabled, accounts need to be manually created and users need to be invited to the team by primary or SSO administrators. In this case, administrators are responsible for inviting users to the team to grant SSO access.

Note:

Only users with the email domain associated with your SSO connection will get SSO access.

To invite users to your team so they can sign in with SSO:

  1. In Autodesk Account, go to User management > By user.

  2. Select the team to which you want to invite the user.

  3. Click the + Invite users button.

  4. Fill in the user's details in the Invite Single tab and click Send invite to send the invite.