Skip to main content

Configure JIT provisioning

Before you begin:

To complete this task:

  1. In the Veracode Platform, click the gear icon in the top menu and select Admin.

  2. Click the JIT Provisioning tab.


    You cannot make changes to this tab unless you have provided the settings on the SAML tab.

  3. In Organization Settings, set Configure default settings for Just-In-Time user provisioning to On.

  4. In User Data Updates, choose how the Veracode Platform handles conflicts between data in the SAML assertion and data in the Veracode Platform with these options:

    • Prefer Organization Identity Provider Data: the IdP of the organization controls the configuration of the user. The Veracode Platform is updated with the data that is in the SAML assertion. This setting allows the IdP to automatically update fields that may change, such as email address, phone number, last name, roles, and team assignments.


      After you set this option, you cannot update the authentication type for existing users or update users with the Identity APIs because the identity provider controls all user information.

    • Prefer Veracode User Data: the Veracode Platform ignores any changed data in the SAML assertion.

  5. Choose which default attributes to set on individual users. Veracode requires that you either specify the default Veracode user role in the SAML attributes or the SAML assertion data. If you do not set a default user role, the user cannot log in.

  6. In SAML Format Settings, select the SAML attributes that you provide in comma-separated value (CSV) format. For the unselected values, you must provide the SAML data in multi-valued attribute format. See example values for each format.

  7. Click Save.

If you disable JIT provisioning, you must manually add and update users in the Veracode Platform. Additionally, Veracode deletes your existing JIT settings, which you must re-configure if you reactivate JIT. Disabling JIT provisioning does not prevent existing users from logging in.