Skip to content
English
  • There are no suggestions because the search field is empty.

Just-In-Time User Provisioning: Frequently Asked Questions

Get answers to frequently asked questions around JIT.

Frequently Asked Questions

When a new user gets created during SSO, is it possible for the SAML Assertion Attributes to include categories and labels?

What options are there for setting the User Type and Role during SAML SSO User Creation?

When is it advantageous to create new users via SAML SSO?


When a new user gets created during SSO, is it possible for the SAML Assertion Attributes to include categories and labels?

No. Categories and labels cannot be created for a user during SSO user creation. For NEXT partners only, you can include custom demographics in a SAML assertion and have those get set into Foundry user custom demographics.


What options are there for setting the User Type and Role during SAML SSO User Creation?

For SAML SSO user creation, the default User Type can be overridden by providing an Attribute Mapping for that property in the identity provider configuration in Foundry.

The Foundry IDP setting also sets a default User Role within the selected default User Type. For example, the default User Type might fac_staff_learner for a Faculty/Staff Learner and default User Role could be non_supervisor for a  Non-Supervisor. If you override the default user type, then the Assertion must also provide a role override that belongs to the provided user type.

When is it advantageous to create new users via SAML SSO?

Generally, if you have a relatively fixed and known user base and you know who your users are, then it makes sense to create them in Foundry in advance and then assign them courses. Therefore, there isn’t a strong use case to have these users get auto-created during SAML SSO. If you are not directly assigning course to people and have viewers who register on the fly to take your content, then it makes sense to allow for users to get created on the fly in Foundry via SAML SSO.

Moreover, just-in-time user creation does not allow for setting custom categories and labels for users. If you assign learning activities based on custom categories, then any users created during SSO won’t get those categories and therefore you won’t have any way to assign content to them. For this reason, just-in-time user creation works for Workplace Culture Network use cases where all employees are assigned the same content.