Skip to content
English
Contact Support
  • There are no suggestions because the search field is empty.

Just-In-Time User Provisioning: Frequently Asked Questions

Q: When a new user gets created during SSO, is it possible for the SAML Assertion Attributes to include categories and labels?

A: No. Categories and labels cannot be created for a user during SSO user creation. For NEXT partners only, you can include custom demographics in a SAML assertion and have those get set into Foundry user custom demographics.

 

Q: What options are there for setting the User Type and Role during SAML SSO User Creation?

A: For SAML SSO user creation, the default User Type can be overridden by providing an Attribute Mapping for that property in the identity provider configuration in Foundry.

The Foundry IDP setting also sets a default User Role within the selected default User Type. For example, the default User Type might fac_staff_learner for a Faculty/Staff Learner and default User Role could be non_supervisor for a  Non-Supervisor. If you override the default user type, then the Assertion must also provide a role override that belongs to the provided user type.

 

Q: When is it advantageous to create new users via SAML SSO?

A: If you have a fixed, known user base and plan to assign courses directly, it’s best to create those users in Foundry ahead of time. In that case, auto-creating users during SAML SSO doesn’t add much value.

However, if you don’t assign courses individually and expect users to register on the fly—such as viewers accessing content as needed—then allowing users to be created during SSO makes sense.

Keep in mind that just-in-time (JIT) user creation does not support custom categories or labels. If your learning assignments depend on these categories, users created during SSO won’t have them, and you won’t be able to target content. For this reason, JIT works best in scenarios like Workplace Culture Network, where all employees receive the same content.