What is Just-in-Time (JIT) Provisioning?

The concept of just-in-time (JIT) provisioning refers to the process of creating a user account in an application or system at the moment of user authentication if the account does not already exist. This article will provide an overview of how the JIT provisioning process works as well as address the benefits and considerations. 

So, how does it work? When a user tries to connect to an application, the Identity Provider (IdP) sends a SAML assertion to the Service Provider (SP). If the user is recognized, they are granted access. If not, a new account is generated instantaneously.

Just-in-time (JIT) provisioning in the context of the Security Assertion Markup Language (SAML) simplifies the process of creating and granting user access. Here’s a detailed breakdown of how JIT provisioning generally works with SAML: 

  1. Initial login: A user tries to access a service provider (SP), but an account does not exist for that user. 

  2. SAML authentication: The service provider redirects the user to the identity provider (IdP) to authenticate. The user then logs in to the IdP. 

  3. SAML assertion: Upon successful authentication, the IdP sends a SAML assertion back to the service provider. This assertion contains the user's attributes like their name, email, roles, or any other necessary information. 

  4. Account creation: The service provider checks if there's an existing account for the user. If not, it uses the information from the SAML assertion to automatically create a new user account. 

  5. Access granted: The user gains access to the service using their newly created account.  
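The service-provider side of steps 3 to 5, sketched as an added example (not OpenIAM code). It assumes the assertion's signature, audience and validity window were already checked by a SAML library and that the result arrives as a plain dict; the issuer URL, role map and class names are hypothetical. Accounts are keyed on issuer plus NameID, and only explicitly mapped groups become roles.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Assumed SP configuration (hypothetical values for this example).
TRUSTED_ISSUERS = {"https://idp.example.com/saml"}
ROLE_MAP = {"eng": "developer", "fin": "finance-viewer"}  # IdP group -> SP role
DEFAULT_ROLE = "basic-user"

@dataclass
class Account:
    issuer: str
    name_id: str
    email: str
    roles: set = field(default_factory=set)
    last_login: Optional[datetime] = None

class JitProvisioner:
    def __init__(self):
        self.accounts = {}  # keyed by (issuer, NameID), never by email alone

    def login(self, assertion: dict):
        """Consume a verified assertion; return (account, created_now)."""
        issuer, name_id = assertion["issuer"], assertion["name_id"]
        if issuer not in TRUSTED_ISSUERS:
            raise PermissionError(f"untrusted issuer: {issuer}")
        attrs = assertion.get("attributes", {})
        # Only groups the SP explicitly maps become roles; unknown ones are dropped.
        roles = {ROLE_MAP[g] for g in attrs.get("groups", []) if g in ROLE_MAP}
        roles = roles or {DEFAULT_ROLE}
        key = (issuer, name_id)
        created = key not in self.accounts
        if created:  # step 4: no existing account, so create one
            self.accounts[key] = Account(issuer, name_id, attrs.get("email", ""))
        acct = self.accounts[key]
        # Refresh on every login so access follows the IdP's current attributes.
        acct.email = attrs.get("email", acct.email)
        acct.roles = roles
        acct.last_login = datetime.now(timezone.utc)
        return acct, created

# Constructed sample assertion (already parsed and verified).
SAMPLE = {"issuer": "https://idp.example.com/saml", "name_id": "u-1001",
          "attributes": {"email": "alice@example.com", "groups": ["eng", "admins"]}}

if __name__ == "__main__":
    sp = JitProvisioner()
    print(sp.login(SAMPLE)[1])  # first login creates the account
    print(sp.login(SAMPLE)[1])  # second login reuses it
```

The recorded `last_login` timestamp is what a later dormancy check would rely on.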

Just-in-time provisioning benefits

Automating account creation relieves your IT operations personnel of the burden of creating accounts manually. Instead of responding to queries about mundane activities such as account creation or forgotten passwords, JIT provisioning allows them to focus on more demanding initiatives.

Efficiency and cost savings

Automated account creation: JIT provisioning automates the process of establishing user accounts as they are required, minimizing administrative strain on IT workers and removing the need for manual account configuration. By providing accounts only when needed, organizations may improve resource utilization, ensuring that IT resources are deployed efficiently. 

Improved user experience

Seamless onboarding: Users may access required services immediately after their initial login attempt, resulting in a faster, more efficient onboarding process. This improves the overall user experience by decreasing delays and friction.

Single sign-on (SSO) integration: JIT provisioning integrates with SSO systems, allowing users to access different services with a single set of credentials, simplifying their engagement with the organization's digital resources.  

Enhanced security

Reduced attack surface: By providing accounts only as needed, JIT provisioning decreases the number of inactive accounts that may be potential targets for cyberattacks, lowering the total attack surface.

Up-to-date access controls: JIT provisioning guarantees that user access rights are provided using the most recent information, lowering the risk of obsolete or inaccurate access permissions.  

Just-in-time provisioning challenges

Organizations adopting just-in-time provisioning have several factors to consider. Creating, updating, and deactivating user accounts requires ongoing management to minimize redundancy and ensure that unwarranted access to resources is swiftly removed. Just-in-time (JIT) provisioning, however, primarily focuses on the creation of accounts and does not automatically handle the removal of accounts when users leave an organization. This lack of automated deprovisioning can lead to security risks if accounts are not deactivated promptly, leaving former employees with potentially harmful access to sensitive resources. Organizations must therefore implement additional processes or tools to manage the deprovisioning of user accounts effectively.
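One shape such an additional process can take, as an added example (not OpenIAM code): a periodic sweep that compares the service provider's JIT-created accounts with the identities the IdP or HR source still lists as active. The data layout, the 90-day dormancy threshold and the function names are assumptions made for this sketch.

```python
from datetime import datetime, timedelta, timezone

def reconcile(sp_accounts, idp_active, now, dormant_after=timedelta(days=90)):
    """Return {name_id: action} for JIT-created accounts that need attention.

    sp_accounts: {name_id: {"enabled": bool, "last_login": datetime}}
    idp_active:  set of NameIDs the authoritative source still lists as active
    """
    actions = {}
    for name_id, acct in sp_accounts.items():
        if not acct["enabled"]:
            continue  # already deactivated, nothing to do
        if name_id not in idp_active:
            actions[name_id] = "disable"  # leaver: identity is gone upstream
        elif now - acct["last_login"] > dormant_after:
            actions[name_id] = "review"   # still active upstream, but unused here
    return actions

def apply_actions(sp_accounts, actions):
    """Disable leavers in place; return the IDs left for a human access review."""
    for name_id, action in actions.items():
        if action == "disable":
            sp_accounts[name_id]["enabled"] = False
    return sorted(n for n, a in actions.items() if a == "review")

# Constructed sample data for illustration.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
ACCOUNTS = {
    "alice": {"enabled": True, "last_login": NOW - timedelta(days=12)},
    "bob": {"enabled": True, "last_login": NOW - timedelta(days=31)},
    "carol": {"enabled": True, "last_login": NOW - timedelta(days=182)},
    "dave": {"enabled": False, "last_login": NOW - timedelta(days=400)},
}
IDP_ACTIVE = {"alice", "carol"}  # bob and dave have left the organization

if __name__ == "__main__":
    todo = reconcile(ACCOUNTS, IDP_ACTIVE, NOW)
    print(todo)
    print(apply_actions(ACCOUNTS, todo))
```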

Copyright © 2025 OpenIAM. All rights reserved.