User Provisioning Methods Compared

Living Security supports three main methods of user provisioning: SCIM, JiT, and CSV Uploads. Please use the information in this article to choose the best method for your organization.


Provisioning methods compared
Provisioning Method Auto Create Auto Update Auto Deactivate
SCIM
JiT (Just-in-Time)
CSV Uploads

SCIM

SCIM, or System for Cross-domain Identity Management, is an open standard that allows for the automation of user provisioning. Using the SCIM standard, an organization can establish a bridge between their directory of users and our Living Security applications, allowing for the automatic creation of users, updating of their attributes, or their deactivation. This can alleviate the technical debt of manual provisioning the administrator of our products would otherwise have to perform. SSO is not required for SCIM to function.

📄Before proceeding with this method, make sure you are licensed to do so as some identity providers consider automatic provisioning (SCIM) an elevated tier.


Just-in-Time (JiT)

If you're already familiar with or are using SAML SSO, you can think of JiT provisioning as an extension of SAML's functionality. JiT, when configured, allows a payload of attribute statements to be attached to that SSO SAML assertion. JiT can perform user creations and updates, with the triggering action being a user's login attempt, but cannot perform automatic deactivations when compared to SCIM; that action will still require manual intervention. Often times, JiT does not require elevated licensing with your identity provider to perform, unlike with SCIM.

📄Using this method users will not be visible in your Living Security user management dashboard until they login for the first time and because of that you'll need to lean more on dynamic audience creation over static.


CSV Uploads

The most rudimentary method of the 3, CSV Uploads allow you to perform mass action on the users within the list you're importing whether that be creations, attribute updates, or deactivations. The CSV Upload process is limited to 100,000 users and can vary in length depending on the number of users to be imported.