Setting up Just-in-Time provisioning for SAML SSO


If you are using SAML (Security Assertion Markup Language) SSO with an identity provider supporting SAML 2.0, your configuration may be further customized to allow for Just-in-Time provisioning. This allows you to have IT Glue users created automatically the first time they access IT Glue using SSO.

How it works

Just-in-Time provisioning works with your SAML identity provider to pass key identifying information to the connected application using SAML 2.0. In IT Glue, this is the email address used to authenticate with the SAML identity provider.


Prerequisites

  • You must have Administrator level access to IT Glue.
  • You must have a SAML SSO provider that supports SAML 2.0.
  • You must already have single sign-on set up. Please see our Setting up single sign-on (SSO) to IT Glue KB article for more details.


Instructions

  1. Under Enable SAML SSO, set Auto-Provision IT Glue Users to On, and choose a Role to be assigned to all new users created through Just-in-Time provisioning. You can also assign these users to security groups and grant organizational access.


  2. Click Save to complete the process.

That's it! Now when a user has provisioned IT Glue in their SSO application, clicking through to IT Glue will automatically provision a user for them with your configured default role, group membership, and organization access.

Common Questions

Do automatically provisioned users count towards my license usage?

All non-Lite users provisioned using Just-in-Time provisioning count towards your paid license usage.

Can I de-provision users through my SAML identity provider?

User de-provisioning is not supported through the SAML application. Please see our Adding and removing users KB article for more information on managing users.
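
Because de-provisioning is not driven by the identity provider, accounts created through Just-in-Time provisioning remain in place after a user is removed or suspended there. The following added example (not IT Glue code) compares two constructed CSV exports by email address to list the accounts that need manual removal and whether each still counts as a non-Lite user; the column names, role values, and sample rows are assumptions.

```python
import csv
import io

# Constructed sample data. Column names are assumptions, not a real
# IT Glue or identity provider export format.
IDP_ASSIGNED_CSV = """email,status
alice@example.com,active
Bob@Example.com,active
carol@example.com,suspended
"""

APP_USERS_CSV = """email,role,jit_provisioned
alice@example.com,Editor,true
bob@example.com,Editor,true
carol@example.com,Editor,true
dave@example.com,Lite,true
erin@example.com,Administrator,false
"""


def normalize(email):
    # The email address is the identifier passed by the IdP, so compare
    # it case-insensitively and without stray whitespace.
    return email.strip().lower()


def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def find_orphaned_accounts(idp_csv, app_csv, jit_only=True):
    """Return app accounts whose email is not actively assigned in the IdP."""
    active = {normalize(r["email"]) for r in load_rows(idp_csv)
              if r["status"].strip().lower() == "active"}
    orphans = []
    for row in load_rows(app_csv):
        email = normalize(row["email"])
        is_jit = row["jit_provisioned"].strip().lower() == "true"
        if jit_only and not is_jit:
            continue  # skip accounts created by hand, e.g. local admins
        if email not in active:
            billable = row["role"].strip().lower() != "lite"
            orphans.append({"email": email, "role": row["role"], "billable": billable})
    return sorted(orphans, key=lambda o: o["email"])


if __name__ == "__main__":
    for o in find_orphaned_accounts(IDP_ASSIGNED_CSV, APP_USERS_CSV):
        print(f"remove manually: {o['email']} role={o['role']} billable={o['billable']}")
```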
