Just in Time SSO User Provisioning

For Acoustic.com, requesting to have "Just in Time Provisioning" added for SSO integrations. This means giving an option to turn this on for SSO self-service integrations, and users from a particular @emaildomain.com can be automatically onboarded, and added to a given Org/Account.

We recommend tying this to a SAML assertion, so that it only onboards to accounts that have specific headers or values passed, such as roles. If a role is present in a header, it can be mapped to activation of some kind within Acoustic accounts.

Example, if header, roles are comma delimited (or other delimiter):

user_role=tealeaf_account1,campaign_account2

Then the user will be granted access to a specific account in Tealeaf SaaS, and a specific account in Campaign.

Note that this must be checked EACH TIME on login. If access is REVOKED, meaning it is no longer in the header, then access must be removed for that user to that account/org.

  • Dieter Davis
  • Feb 14 2022
How will this idea be used?

This will enable users to be onboarded more easily, increase the adoption and ROI of the platform for enterprise clients. Right now there are multiple steps and waiting for a user to be given access to Tealeaf. With this, they can be onboarded nearly instantly, and automatically.

Additional value is better user security administration as well as managing attrition, if a user changes roles in an organization. All of that can be divested from having to do it in a system that is disconnected from enterprise controls.

What is your industry? Financial Markets
What is the idea priority? High
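
The per-login check this idea describes, as an added sketch (not Acoustic's code or API, and not part of the original post): it parses the `user_role` value, maps each role to an account, and computes what to grant and what to revoke. The names `ALLOWED_DOMAINS`, `ROLE_MAP`, `parse_roles` and `reconcile` and the sample values are hypothetical; it assumes the attribute comes from an already validated, signed SAML assertion and that `current` holds only access that was granted through provisioning.

```python
# Constructed sample configuration (hypothetical names and values).
ALLOWED_DOMAINS = {"emaildomain.com"}      # e-mail domains enabled for JIT
ROLE_MAP = {                               # role value -> (product, account)
    "tealeaf_account1": ("tealeaf", "account1"),
    "campaign_account2": ("campaign", "account2"),
}


def parse_roles(raw, delimiter=","):
    """Split the delimited attribute value into a set of role names."""
    return {r.strip() for r in raw.split(delimiter) if r.strip()}


def reconcile(email, user_role, current, delimiter=","):
    """Run on EVERY login. Returns (grants, revokes, unknown_roles).

    email     -- subject e-mail from the validated assertion
    user_role -- raw attribute value, or None if the attribute is absent
    current   -- (product, account) pairs the user holds via provisioning
    """
    local, sep, domain = email.rpartition("@")
    eligible = bool(local and sep) and domain.lower() in ALLOWED_DOMAINS

    # Fail closed: an ineligible domain or a missing attribute means
    # "no roles", so everything previously provisioned is revoked.
    roles = parse_roles(user_role or "", delimiter) if eligible else set()

    # Role values with no mapping are never granted; return them for logging.
    unknown = {r for r in roles if r not in ROLE_MAP}
    desired = {ROLE_MAP[r] for r in roles - unknown}

    current = set(current)
    return desired - current, current - desired, unknown


if __name__ == "__main__":
    held = set()
    for value in ("tealeaf_account1,campaign_account2", "tealeaf_account1", None):
        grants, revokes, unknown = reconcile("user@emaildomain.com", value, held)
        held = (held | grants) - revokes
        print(value, "->", sorted(held), "revoked:", sorted(revokes))
```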