Reachdesk users created automatically on the first login!!!
When SAML2 is configured and Just-in-Time (JIT) Provisioning is enabled, any non-user accessing Reachdesk via SSO will automatically have their Reachdesk account created on their first sign in.
With this feature, admins don’t need to create new users every time their teams grow!
What providers can be used for JIT provisioning?
- This feature is compatible with Salesforce, Google, Okta, Onelogin and any provider that supports SAML2 authentication.
How can JIT provisioning be enabled?
- Just-in-Time (JIT) Provisioning can be enabled in the Single Sign On page of Reachdesk.
How are new users created?
- New Reachdesk users created via JIT provisioning are automatically granted the “Sender” role.
- If the user group name included in the authentication provider matches a Reachdesk team name, users are automatically assigned to a team with that name. For example:
- users in Okta are in a group called “Marketing” and there is a "Marketing" team in Reachdesk
- users will automatically be assigned to the “Marketing” team in Reachdesk
- If there is no matching Reachdesk team name, the user will still be created, but the user will not be assigned to a team. For example:
- users in Okta are in a group called “UK Sales” and there is no "UK Sales" team in Reachdesk
- users will automatically be created with no team assignment
What happens if the user's group changes?
- Since JIT provisioning only works when the user first logs in via SSO, there is no change to the user's team in Reachdesk.
What happens if the user is deactivated in the SAML identity provider?
- The user will still remain active in Reachdesk. We currently do not support automatic de-provisioning via SCIM.
Any questions, please contact firstname.lastname@example.org!