Q: 3
When users are authenticated using SAML, what are the two most efficient ways of provisioning the
users?
Options
Discussion
I get where you're coming from, Jack. SAML autoprovisioning (JIT) kicks in only when users first authenticate via SAML, so if initial onboarding needs to be hands-off, D makes sense. Directory sync is good for bulk updates but doesn't catch users who join through SAML only. Pretty sure that's why SCIM plus SAML autoprovisioning is a better fit here, but correct me if I've misunderstood.
Nah, C skips the JIT piece for SAML users. D.
Anyone else run into a similar provisioning scenario with SAML users? Curious if D is always the go-to here.
D here. SCIM covers automated directory provisioning and SAML autoprovisioning takes care of JIT when a user first authenticates. Option C looks tempting but misses the JIT piece SAML brings in-so not as efficient for SAML-authenticated users. I think D is right, but open to arguments if someone disagrees.
Its D. SCIM handles the sync and SAML autoprovisioning does JIT, so both together are most automated. B is a trap here.
Maybe D, SCIM is made for automated provisioning and SAML autoprovisioning does JIT. Not 100% sure.
Be respectful. No spam.
