Configuring SAML with JIT provisioning
You can configure the just-in-time (JIT) with Security Assertion Markup Language (SAML) for single sign-on (SSO).
To configure SAML with JIT provisions, complete the following steps:
-
Ensure that the users can log in to the IBM Cloud Pak foundational services platform. For more information, see Granting access to capabilities within an IBM Cloud Pak to enable access to the users.
-
You must authenticate to the IBM Cloud Pak foundational services platform to enable the JIT provision in the Cloud Pak platform.
-
Configure SAML with SAML at the identity providers (IdPs) and service provider (SP) ends. For more information, see IBM Cloud Pak JIT support for SCIM OKTA and Azure Active Directory.
Example of SAML with JIT configuration
For the SAML with JIT configuration, the users need to authenticate to the IBM Cloud Pak foundational services operator to enable the JIT provision in the foundational services user repository.
After you enable JIT provision in the foundational services user repository, the QRadar Suite uses SCIM to retrieve the users from the foundational services operator.