Just-in-Time (JIT) Provisioning

You can now simplify user licensing by allowing new users to automatically be created and assigned licenses upon first sign in.

Pre-requisites

Before you can use Just-in-Time provisioning, you must have the following setup: 

1. Configure and enable single sign-on (SSO).
2. Map the following attributes: Email, Firstname, Lastname, and Groups.
3. Create a federated group.

Configure Just-in-Time Provisioning

1. Navigate to Laserfiche Cloud Account Administration.
2. Click the Settings tab.
3. Click the Single Sign-On tab.
4. Click the Just-in-Time Provisioning tab and turn the option to Yes.
5. Turning the Verbose logging option to Yes will display a detailed error to users whose SSO sign-in fails against ACS (i.e., the user is correctly signed in via SSO but the sign-in request sent to ACS is misinterpreted or misconfigured). The error details why the initial SSO configuration with Laserfiche Cloud has failed (i.e., bad claim, certificate issues, etc.).

   Important: It is not recommended to use this feature often as it will display details about a customer's identity provider configuration. This feature is for troubleshooting only and should not be left on indefinitely.

6. Click Add a new rule to select a federated group and the license type that will be assigned to any users in this group.

   Note: Federated group rules must be organized by priority. If a user is part of multiple groups, the user will be assigned the license that is part of the higher priority or first group rule.

7. To finish, click Save changes.