Skip to main content

Documentation

Using Just In Time (JIT) account provisioning

Just In Time (JIT) account provisioning is an optional feature that creates an SSO login portal to your organization on data.world. When this feature is enabled, you will have a SSO-enabled login page created at https://data.world/{your organization}/login.

Caution

JIT is always enabled for private instances. Please open a support ticket if there are questions about which org it is assigning users too.

Note

To request new users be added to one more orgs upon JIT SAML user provisioning, send a ticket to support with the org IDs of the org or orgs that you want users to be automatically provisioned to, as well as the permissions that you want those users to default with (basic member vs. contributor vs. admin), and the support team will implement that configuration change for you.

jit-login.png

If someone has the data.world app assigned to them in their SSO provider profile but does not yet have a data.world account:

  • a new data.world account will be created for them automatically when they click the link on this page

  • their data.world username will be firstname-lastname, based on the name that exists in their SSO profile

  • they will not be given a password - they will need to login using the same login page in the future and authenticate via SSO

  • they will be granted membership to the organization on data.world with the Member level of organization membership

If someone has the data.world app assigned to them in their SSO provider profile, has a data.world account, and is a member of the organization:

  • they will be logged into data.world if they have validated recently through the SSO provider

  • if they haven't validated through the SSO provider recently, they will be redirected to the SSO provider's login page, and then redirected to data.world upon completion of the SSO login

  • they will land on the data.world organization's homepage (as opposed to their individual account's homepage) upon login

If someone has the data.world app assigned to them in their SSO provider profile, has a data.world account, and is NOT a member of the organization on data.world:

  • they will be logged into data.world, but redirected to their individual homepage.

  • they will not be granted automatic membership to the organization

  • an admin of the organization on data.world will need to manually invite them to the organization

  • this case occurs when someone signs up for a data.world account before SSO is enabled for their organization, or if they create an account on data.world without using the special login page described at the top of this section

If someone does not have the data.world app assigned to them in the SSO provider profile:

  • an SSO provider admin will need to add the data.world app to the user's SSO provider profile

  • after data.world is added SSO to the provider profile, they will be able to create a new account through the login page described in this section