Before you begin:
- Enable SAML authentication.
- Configure your identity provider to add the required attributes to your assertion.
- Add any optional attributes to the assertion that your identity provider (IdP) can include.
- Have the Administrator role.
To complete this task:
In the Veracode Platform, click the gear icon in the top menu and select Admin.
Click the JIT Provisioning tab.note
You cannot make changes to this tab unless you have provided the settings on the SAML tab.
In Organization Settings, set Configure default settings for Just-In-Time user provisioning to On.
In User Data Updates, choose how the Veracode Platform handles conflicts between data in the SAML assertion and data in the Veracode Platform with these options:
Prefer Organization Identity Provider Data: the IdP of the organization controls the configuration of the user. The Veracode Platform is updated with the data that is in the SAML assertion. This setting allows the IdP to automatically update fields that may change, such as email address, phone number, last name, roles, and team assignments.note
After you set this option, you cannot update the authentication type for existing users or update users with the Identity APIs because the identity provider controls all user information.
Prefer Veracode User Data: the Veracode Platform ignores any changed data in the SAML assertion.
Choose which default attributes to set on individual users. Veracode requires that you either specify the default Veracode user role in the SAML attributes or the SAML assertion data. If you do not set a default user role, the user cannot log in.
If you disable JIT provisioning, you must manually add and update users in the Veracode Platform. Additionally, Veracode deletes your existing JIT settings, which you must re-configure if you reactivate JIT. Disabling JIT provisioning does not prevent existing users from logging in.