Symantec Access Management

  • Private Community

  • 1.  JIT provisioning?

    Posted Jan 18, 2013 02:24 PM
    Hi All,

    Is there no way in SiteMinder to create a new user object in a directory after they have been authenticated? In other words, is there no way to Just-in Time (JIT) provision a user?

    TIA!

    --

    Regards,

    Travis Spencer


  • 2.  RE: JIT provisioning?
    Best Answer

    Broadcom Employee
    Posted Jan 18, 2013 02:42 PM
    Good afternoon Travis,

    I am not sure I follow your question.
    In order for Siteminder to Authenticate a person the user must provide a username and password that mataches a user in a user store.

    What I think you are saying is there a way for SiteMinder to create a new user when it does not exist in the user store.

    The short answer is no.Siteminder is not an Identity Managment system.

    You could setup a redirect rule on on Authentication Attempt to redirect to a registration page for your Idenentity managment software that would then populate your User store with the new user.

    It is also probably possible to write a custom Authentication scheme to check to see if the user exists and if not to then go through a process of collecting the required information and creating the user.

    The last suggestion would be to contact your account team and CA service and let tthem help you build this type of solution.

    Hope this helps

    gene


  • 3.  Re: JIT provisioning?

    Posted Aug 14, 2018 08:29 AM

    The answer is a little different for SAML based applications, where SiteMinder is the Relying Party.

    SiteMinder does not support JIT provisioning by itself.  SiteMinder can redirect to an external JIT provisioning service/application to do the user provisioning if a user is not found in the defined User Directories.  The JIT provisioning system then responds back to SiteMinder so the user lookup step can be executed again.


    The following links provide more information on what is available in terms of Just In Time (JIT) provisioning with SiteMinder.

    Dynamic Provisioning of a User Identity at the Relying Party - CA SiteMinder® Federation Standalone - 12.52 SP1 - CA Tec… 
    User Provisioning at the Relying Party - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation