How do I set up Just-in-Time (JIT) Provisioning for Single Sign-on?

If you have Single Sign-on (SSO) set up for Sprout, you can enable Just-in-Time (JIT) provisioning. With SSO JIT provisioning enabled, a user account is automatically created when a user successfully logs in to Sprout via SSO for the first time, eliminating the need for manual invitations.

Note: JIT is currently available for managed users.

Requirements

  • You must have SSO enabled for Sprout. For more information about using SSO with Sprout, read this Help Center guide.
  • The Manage Single Sign On permission must be turned on under Company Permissions. By default, Account Owners have this setting enabled and can grant this permission to other users.


    manage-sso.png

How-to

To set up JIT provisioning:

  1. Navigate to Settings > Account.
  2. Click Single Sign On.
  3. Click Enable Just-In-Time Provisioning.
    enable-jit.png
  4. If you’re on the Advanced Plan, you can assign new users a default Role or a default Group and Profile. If you’re on the Standard or Professional Plans, you can assign new users a default Group and Profile. For more information on Groups, Profiles and Roles in Sprout, see our Administration Basics.
    default-assignment.png

    If you select Assign with Role, you can choose the default Role for new JIT users from the dropdown menu.
    assign-with-role.png

    If you select Assign with Group and Profile, you can choose the Group and Profile from the dropdown menu.
    group-and-profile.png

Note: If you select Assign with Group and Profile, users will be assigned Read Only access to the Profile. You can update this access later.

Once you’ve enabled JIT, you’ll be able to see your remaining user seats under the Single Sign On settings page and the Team Members section.

remaining-seats.png

team-members-remaining.png

Note: If you assign all your seats, the Account Owner will receive an email and JIT will be disabled.

User JIT SSO experience

A user can create an account by logging into the Sprout web app via SSO for the first time.

Note: JIT SSO is not available for the Sprout mobile app.

user-sso.png

Once a new user logs in, the Account Owner will receive an email with a notification that a new user account has been created. You can manage a user’s permissions by clicking Manage User.

new-user-jit.png

Was this article helpful?

Still can't find what you're looking for?

Powered by Zendesk