Just-in-Time Provisioning
JIT Provisioning.
A pattern where a SaaS application auto-creates a user record on the user's first SSO login, populated from the SAML or OIDC assertion attributes.
JIT is the cheaper half of the lifecycle stack, it handles first-login without infrastructure, but cannot remove users when they leave. Combine JIT with SCIM for the full lifecycle, or accept that users will linger in the SaaS until manually cleaned up.
Common questions
Do I need JIT and SCIM both?
How does JIT handle deprovisioning?
What attributes can JIT populate?
Related terms
In the guides
B2B SaaS Identity: Organizations, SSO, SCIM, and the Enterprise Sales Checklist
How to design B2B SaaS identity: Organizations, Enterprise SSO with SAML and OIDC, SCIM provisioning, audit logs, and the IT-admin features that close enterprise deals.
SCIM Provisioning: A B2B SaaS Practitioner's Guide
SCIM 2.0 is the standard protocol for automated user provisioning between IdPs and SaaS apps. How it works, why it matters at 1000-seat scale, and what production deployments need.