Just-in-Time (JIT) Access

Hello ​@Agent007  - awesome username by the way. :)

Yes. When SAML is configured with Advanced SAML Configuration enabled, Securonix can automatically create users the first time they log in via SSO, based on the attributes sent in the SAML assertion.

In the SAML settings, there is an option:
“Do you want to create user automatically, if user is not found in Securonix / Unified Defense SIEM?”
When this is turned on, if a user does not already exist, Securonix will create the account using the SAML attributes (such as first name, last name, email, role, and admin flag) and then log the user in. If the user already exists, their profile is updated from the SAML assertion and they are authenticated. [Cloud SAML settings]

This behavior is what most customers refer to as JIT provisioning: users are created “just in time” at first successful SSO login, driven entirely by the SAML attributes from your IdP. In some support cases, customers have reported that after changing SAML settings (including the auto‑provisioning toggle), user creation behavior did not change until Support performed an application restart. Once Support completed the restart, auto‑provisioning began working as expected.