[IdP] About just-in-time user provisioning

Back to Forums

Masahiro Harahata

Question

Forge

Traditional Web

Application Type

Traditional Web

Is it possible to turn off JIT provisioning by using Idp?

If so, are there any operational risks associated with turning it off?

For example, information linked by SAML authentication will no longer be linked.

02 Jun 2025

Wei Zhu

It seems you want to turn off Automatic User Provision that will auto create user if user not exist.
This feature can be disabled in SP Connector Internal Setting.

Usually user will be redirect to your external IdP(Azure, Okta, etc) for authentication.
After authentication, user will be redirect back to OutSystems.
At this point, if user not exist and Automatic User Provision is disabled
User_Check action will return invalid and error message will be displayed.

Regards
Wei

15 Aug 2025

Mandar Deshpande

Hi @Masahiro Harahata

Turning it off changes the authentication model significantly:

New Users will be blocked
SAML Attribute Updates won’t propagate
There would be risk of Identity mismatch
Increased Administrative Overhead

05 Mar

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.

See the full guidelines