Just-in-time Provisioning for User Accounts

Introduction

The Just-in-time Provisioning solution automates the creation of user accounts in Zivver when users log in using Single Sign-On. This cloud-based solution can eliminate the need for manual account creation in the Webapp or setting up the Synctool for pre-synchronizing accounts from source systems. By leveraging this solution, the deployment can be simplified and adoption of Zivver within your organization can increase.

When a user logs in with Single Sign-On, their Zivver account is automatically created using the information provided by the Single Sign-On application. The user is seamlessly logged into Zivver without any noticeable interruption due to the account creation process.

In addition to using the Webapp or the Synctool for creating functional accounts and managing other account actions, you can also utilize Just-in-time provisioning for user account creation.

Prerequisites

  • Your Zivver organization must use Single Sign-On
  • Your Identity Provider’s SAML response needs to be ammended with a Zivver Domainkey. For Entra ID and ADFS this should work out of the box

Configuration

Please contact support@zivver.com if you want to use Just-in-time provisioning. Include in your request which Identity Provider (Entra ID, Okta, ADFS) your organization uses. Zivver support can help you configure Just-in-time provisioning.

Limitations

Domain limitation

Just-in-time provisioning can only be used for one domain per Zivver tenant.

User account limitations

The following account management operations still need to be performed manually in the Webapp or by using the Zivver Synctool.

  • Update the name or email address of a user account
  • Suspend or delete a user account
  • Add or remove delegate access to a user account
  • Add or remove an email aliases
  • Assign a user account to an Organizational Unit in Zivver
  • Special functions such as updating the ZivverAccountKey

Functional account limitations

Just-in-time provisioning only supports user accounts. This means that for functional accounts, the following account management operations still need to be performed manually in the Webapp or by using the Zivver Synctool.

  • Create a functional account
  • Update the name or email address of a functional account
  • Suspend or delete a functional account
  • Add or remove delegate access to a functional account
  • Add or remove an email aliases
  • Assign a functional account to an Organizational Unit in Zivver