Just-in-Time provisioning

Just-in-Time (JIT) provisioning automates how new team members gain access to software. When a new team member logs in to Abstract for the first time, a new account is created for them behind the scenes.

JIT relies on your single sign-on (SSO) configuration to authenticate account access. JIT provisioning has two key benefits. You can: 

  • Share secure access to Abstract, without delay. 
  • Skip manual software credentialing and account management.

How Just-in-Time provisioning works

When SSO is configured, anyone who tries to log in to Abstract with a company-associated domain may be redirected to sign in via your company’s SSO portal, depending on the configuration. Once the person is authenticated, JIT and SSO together check whether the authenticated credentials are associated with an Abstract account.

  • If an Abstract account already exists, the person is logged in as normal and proceeds to Abstract. 
  • If an Abstract account does not exist, JIT creates a new account for that person and allows them to proceed to Abstract.  

Technical considerations

Before you implement Just-in-Time provisioning, please note that when accounts are created via JIT:

  • You will not be able to change the account’s email address without reaching out to Abstract’s support team.
  • The account member will not be able to use that account to join or create another Abstract Organization. 

How to configure Just-in-Time provisioning

  1. Configure SSO. Okta, Azure AD, ADFS, Google SAML, and Amazon Web Services are officially supported SSO Identity Providers for Abstract. You may also configure SSO with another IdP.
  2. From your Identity Provider (IdP), assign users to the Abstract app. There should be an option to enable it for your entire Organization at once. 
  3. Contact your Account Manager and we will enable JIT for your Organization.