Technical Support
      Back to home
      1. Support Garden
      2. Training Platform
      3. Technical Support

      How to enable Just-in-Time (JIT) provisioning

      Enabling JIT provisioning will allow automation of user account creation in the Living Security application. This technology frees the admin from having to manually create or import users.

      Identity Provider instructions*

      Note:
      If your identity provider is not listed in this guide the tables below are still valid if you are able to locate the configuration page where you can specify attributes for SSO assertions. For questions or assistance please contact help@livingsecurity.com

      Okta

      1. In your Okta Admin console navigate to the Living Security application you created to establish single sign-on. Click the General tab, scroll down to SAML Settings and click Edit.
      2. Click Next and scroll down to the Attribute Statements section. Here we'll define custom attribute statements to be inserted into the SAML assertions shared with the Living Security app. Refer to the following table and make the necessary changes:

        Name Name format Value
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname URI Reference user.firstName
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname URI Reference user.lastName
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/jobtitle URI Reference user.title
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country URI Reference user.countryCode
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department URI Reference user.department
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname URI Reference user.organization
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/roles URI Reference user.roles
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/division URI Reference user.division
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/managername URI Reference user.manager
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/manageremail URI Reference  
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/city URI Reference user.city
      3. Now click Next near the bottom of the page and then Finish at the next page presented.
      4. Attempt a user login from your organization to app.livingsecurity.com and you will see the user is now present with the attributes specified in the user management page of the Living Security application.

      Note:
      Your organization's variables might differ from what is in the Value column in the previous table. If that is the case, navigate to Directory > Profile Editor then click Profile next to Okta's User (default) to show them.

      Azure

      1. From Azure Active Directory enter the Enterprise Application you previously created for Living Security to establish Single Sign-On.

      2. Reference the following table and the Add new claim button until your configuration matches the image:



        Claim name Value
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/city user.city
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname user.companyname
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country user.country
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department user.department
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress user.mail
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname user.givenname
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/jobtitle user.jobtitle
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name user.userprincipalname
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/roles user.roles
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/state user.state
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname user.surname
      3. Attempt a user login from your organization to app.livingsecurity.com and you will see the user is now present with the attributes specified in the user management page of the Living Security application.

      PingOne

      1. Within the Ping Admin console navigate to the Living Security application you created by clicking Connections > Applications. In this pane edit the current application connection by dropping down the arrow and then click the Attribute Mappings tab when expanded.

      2. Now click the pencil icon to edit the attribute mappings. Reference the table below and make the appropriate changes until your configuration matches the image:


        PINGONE USER ATTRIBUTE APPLICATION ATTRIBUTE
        Country Code http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country
        Department http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department
        Division http://schemas.xmlsoap.org/ws/2005/05/identity/claims/division
        Email Address saml_subject
        Family Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
        Given Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
        Locality http://schemas.xmlsoap.org/ws/2005/05/identity/claims/city
        Manager http://schemas.xmlsoap.org/ws/2005/05/identity/claims/managername
        Organization http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname
        Region http://schemas.xmlsoap.org/ws/2005/05/identity/claims/state
        Role http://schemas.xmlsoap.org/ws/2005/05/identity/claims/roles
        Title http://schemas.xmlsoap.org/ws/2005/05/identity/claims/jobtitle
      3. Attempt a user login from your organization to app.livingsecurity.com and you will see the user is now present with the attributes specified in the user management page of the Living Security application.

         *SCIM and JIT provisioning may not be used together.