1. Radancy Employee Referrals
  2. Admins
  3. Single Sign-on

How to configure Just-In-Time provisioning for SAML SSO?

Updated

Just-in-time (JIT) provisioning is a process in which user accounts are automatically created when a user first attempts to log in to a system or application via SSO. This means that user accounts are not created in advance, but are created "just in time" when needed.

JIT provisioning can be configured with SSO, providing specific attributes (listed below). This setup allows Talent Scouts to skip adding First Name, Last Name, Employee ID, Department, and Location during the registration process. Moreover, it is possible to automatically assign the appropriate role for a user directly via the IdP.

All changes in user data in your system will be automatically adopted and applied to users the next time they log into Employee Referrals. This assures your user data is always up-to-date.

Profile information provided with JIT provisioning cannot be changed by the user.

In order to adopt Just in Time provisioning, please add the following attributes to your metadata.

  • First name attribute (optional)
<saml:Attribute Name="first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Max
    </saml:AttributeValue>
</saml:Attribute>
  • Last name attribute (optional)
<saml:Attribute Name="last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
  <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Mustermann</saml:AttributeValue>
</saml:Attribute>

  • Employee-ID-attribute (optional)
<saml:Attribute Name=“employee_id” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
    <saml:AttributeValue
        xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xsi:type=“xs:string”>DE123456789
    </saml:AttributeValue>
</saml:Attribute>
  • Department-ID-attribute (optional)

Please note: the values of the department should be the same used for the job and uploaded to your account. For more information, read here.

<saml:Attribute Name=“department” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
    <saml:AttributeValue
        xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xsi:type=“xs:string”>Sales
    </saml:AttributeValue>
</saml:Attribute>
  • Location-ID-attribute (optional)

Please note: the values of the location should be the same used for the job and uploaded to your account. For more information, read here.

<saml:Attribute Name=“location” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
    <saml:AttributeValue
        xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xsi:type=“xs:string”>Vienna
    </saml:AttributeValue>
</saml:Attribute>
  • User-Role-attribute (optional)

This attribute is predefined and its value must be one of the following to assign the corresponding role:

  • Talent Scout: ROLE_TALENT_SCOUT
  • Recruiter: ROLE_RECRUITER
  • Company-Administrator: ROLE_COMPANY_ADMIN
<saml:Attribute Name=“role” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
    <saml:AttributeValue
        xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xsi:type=“xs:string”>ROLE_TALENT_SCOUT
    </saml:AttributeValue>
</saml:Attribute>
Was this article helpful?
0 out of 0 found this helpful