Provisioning Users with JIT

You can provision user access to Digital Risk Protection (Threat Command) with SAML Just in Time (JIT) from your single sign-on (SSO) provider. The service is available for Azure AD and Okta SSO.

When using JIT to provision users, the following apply to those users:

• Logging in to Digital Risk Protection (Threat Command) is done from the SSO application, not through the Digital Risk Protection (Threat Command) login.
• The user does not have a Digital Risk Protection (Threat Command) password.
• Deleting a user from the SSO application does not delete them from Digital Risk Protection (Threat Command).
• A user deleted from the SSO application cannot Log in to Digital Risk Protection (Threat Command) (as they have no password). You can manually delete that user from Digital Risk Protection (Threat Command).
• Users are assigned the same time zone as the account.
• To change the time zone or make other changes to user settings (notifications, etc.) use the Digital Risk Protection (Threat Command) Settings > Users  page.
• Users have a notation in their user card that their user was provisioned by SAML JIT.

For more information on configuring SSO and user provisioning, see these sections:

• Configure Azure AD SSO
• Configure Okta SSO