This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring Just-In-Time Provisioning for an Identity Provider

You can configure Just-In-Time (JIT) provisioning for the identity provider. With Just-in-Time provisioning, you can create users on the fly without having to create user accounts in advance. For example, if you recently added a user to your application, you do not need to manually create the user in the Identity Server or in the underlying user store.

When the users are authenticated as part of the authentication flow, their account is automatically created for them, eliminating the time and effort related to creating the account. So when the response from the identity provider comes into the Identity Server, and if JIT provisioning is enabled, the user is provisioned to the user store in the Identity Server. You can specify the user store to which the provisioning happens.

Expand the Just-In-Time Provisioning section to configure this.

  • Selecting No provisioning from the available options disables Just-In-Time provisioning. This is selected by default.
  • Alternatively you could choose to always provision users to the user store domain. Select the user store domain name from the dropdown list to provision users to the user store. The default user store that is shipped with the Identity Server is the user store available by default. You can configure a user store of your preference and it will be listed in this dropdown for selection.