What is User Provisioning with JIT?
With just-in-time user provisioning (JIT provisioning), you can create a Loopio user directly in your identity provider (IdP), and the user's Loopio account is created the first time they log in.
Prerequisites
- You have SAML SSO enabled with Loopio or will enable it now. If you are already using SSO, steps 1-4 of Configuring JIT User Provisioning in Okta below may already be completed.
Configuring JIT User Provisioning in Okta
- In Okta navigate to Applications > Applications and select Create App Integration
- Select SAML 2.0 as the sign-in method and click Next
- Fill in the details for your application on the General Settings page and click Next
- Navigate to the Configure SAML page, then under ‘SAML Settings’ fill in the section with the values from the table below:
| Setting | Value |
| --- | --- |
| Single sign-on URL | https://LOOPIO_URL/sso_saml/module.php/saml/sp/saml2-acs.php/loopio-sp |
| SP Entity ID | loopio-sp |
| Default RelayState | https://LOOPIO_URL/home |
| NameID Format | Unspecified |
| Application username | Email |
| Update application username on | Create and update |
Note: Replace ‘LOOPIO_URL’ with the domain of your Loopio instance. Learn more: What is my Company's Loopio URL?
- Fill out the Feedback section and click Finish
Creating Attributes in the App
- Go to the Okta Profile Editor for the Loopio App you created
- Click on Add Attribute
- Add the following Attribute Statements:
| Name | Name format | Value |
| --- | --- | --- |
| firstName | Unspecified | user.firstName |
| lastName | Unspecified | user.lastName |
| loopioAccess | Unspecified | appuser.loopioAccess |
| loopioRole | Unspecified | appuser.loopioRole |

- Click Next and Finish
Configuring a User
These steps are required for a user to log in to their Loopio account through SAML. The user's account access depends on the values set here.
Tip: These steps assume that users have already been added to Okta and assigned to the proper application.
- Go to the Okta Profile Editor
- For any User or Group who should have Loopio access, add the following Attributes:

| Display name | Variable name | Description | Data type | Attribute required |
| --- | --- | --- | --- | --- |
| Loopio Access | loopioAccess | This user has access to the Loopio platform. | boolean | Yes |
| Loopio Role | loopioRole | The assigned role of the user (must match roles in customer's Loopio platform). | string | Yes |
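
Because the account and role created at first login come entirely from the assertion, it is worth checking a captured test assertion before assigning real users. The following is an added example, not Loopio's or Okta's code: it checks that the NameID is an email and that the four attribute statements above are present and well-formed. The sample assertion, the role name `Example Role`, and the `true`/`false` string encoding of the boolean are assumptions, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("firstName", "lastName", "loopioAccess", "loopioRole")

def attr_xml(name, value):
    return (f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
            f'</saml:AttributeValue></saml:Attribute>')

# Constructed sample: a trimmed, unsigned assertion body; all values are made up.
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>'
    '<saml:AttributeStatement>'
    + attr_xml("firstName", "Jane") + attr_xml("lastName", "Doe")
    + attr_xml("loopioAccess", "true") + attr_xml("loopioRole", "Example Role")
    + '</saml:AttributeStatement></saml:Assertion>'
)

def read_assertion(xml_text):
    """Return (NameID, {attribute name: [values]}) from an assertion you captured."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return name_id.strip(), attrs

def check_jit_assertion(xml_text, known_roles):
    """List the reasons this assertion would not provision the intended account."""
    name_id, attrs = read_assertion(xml_text)
    problems, single = [], {}
    if "@" not in name_id:  # Application username is set to Email in the SAML settings
        problems.append("NameID: expected the user's email address")
    for name in REQUIRED:
        values = attrs.get(name, [])
        if len(values) == 1 and values[0]:
            single[name] = values[0]
        else:
            problems.append(f"{name}: expected exactly one non-empty value")
    access = single.get("loopioAccess")
    if access is not None and access.lower() not in ("true", "false"):
        problems.append("loopioAccess: expected true or false")
    role = single.get("loopioRole")
    if role is not None and role not in known_roles:  # must match a role in Loopio
        problems.append(f"loopioRole: {role!r} does not match a known Loopio role")
    return problems

if __name__ == "__main__":
    print(check_jit_assertion(SAMPLE, {"Example Role"}) or "assertion looks complete")
```

Pass the set of role names exactly as they appear in your Loopio platform as `known_roles`.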