Technical
      Back to home
      1. Help Center
      2. Technical

      Just In Time SSO User Provisioning

      Purpose: Empowering Seamless User Access and Management through SSO

      Prokeep's Just In Time (JIT) User Provisioning feature is designed to streamline user access and management through Single Sign-On (SSO). By integrating automation with custom SAML 2 SSO attributes from your identity provider (IDP), we offer a smooth and efficient experience for user provisioning and updates within Prokeep.

      Key Components:

      1. Attribute Mapping:

        • Group Mapping: Assign users to the appropriate Prokeep Group based on attributes such as job locations or branches. This is facilitated by associating the location/branch code with the external ID of Prokeep Groups. Consistency in location codes across users ensures accurate group assignments.
        • Role Mapping: Determine users' Prokeep roles (member, manager, admin) by mapping attributes such as job codes or titles from your IDP. Alternatively, custom attributes can be added to your IDP for role assignment. Detailed role descriptions can be found in our documentation.

      User Provisioning and Updating Flow:

      1. Initial Authentication:

        • Upon a user's first SSO authentication into Prokeep, our system will automatically create their account.
        • Users will be added to the designated group based on attribute mapping, and their role will be assigned according to the role mapping.
        • Admins can receive notification emails to stay informed about new user creations.

      2. Exception Handling:

        • An exception group is available in Prokeep to capture users whose attributes do not match the mapped criteria.
        • Admins are notified via email about users added to the exception group, allowing manual permissions adjustment.

      3. Automated Updates:

        • User updates are seamlessly managed through the same attribute mapping used for provisioning.
        • Automated updates are triggered whenever a user's role or group assignment in Prokeep doesn't align with their IDP information upon login.
        • Admins receive notification emails regarding these changes, ensuring transparency and oversight.
        • Users designated for the exception group remain unaffected by the update process, maintaining their existing group or role assignments.

      With Prokeep's Just In Time SSO User Provisioning, enjoy a hassle-free approach to user management, ensuring accurate access and permissions across your organization. For further assistance or inquiries, don't hesitate to contact your technical account manager.