Just-in-time user provisioning
SSO JIT (Single sign-on just-in-time provisioning) consists in creating and updating users in the workspace dynamically (or on-the-fly).
This provisioning occurs when the users log-in for the first time to the app, and is based on the user information contained in the SAML assertions received previously from the identity provider.
In other words, for specific workspaces, SpotMe can provision user profiles directly during the user's initial authentication, therefore eliminating the need to create the user accounts before-hand.
To match the users to the workspaces, SpotMe's SSO service supports different workspace matching modes, depending on the data shared by the identity provider (IDP).
Workspace matching modes
The workspace matching modes define the criteria based on which users are added to the respective workspaces.
If your IDP can store and share additional metadata for profiles, it can also store a list of SpotMe event identifiers (EIDs) that a user has access to.
These EIDs can be retrieved during user authentication, and the users will be automatically added to those workspaces.
Profile field mode
SpotMe's system can be configured to add users to workspaces based on their profile fields.
For example, based on a country or a department field stored within your IDP, the user record would be created in a different SpotMe workspace.
During authentication SpotMe can import any profile field and make it available within a SpotMe workspace to either appear on a user's profile in-app, or to be used by Backstage administrators for targeting and personalization.
Currently, profile photos cannot be imported.