Home / Companies / SSOJet / Blog / Post Details
Content Deep Dive

Azure AD JIT Provisioning: How Just-in-Time User Creation Works

Blog post from SSOJet

Post Details
Company
Date Published
Author
Devraj Patel
Word Count
2,364
Company Posts That Month
10
Language
English
Hacker News Points
-
Post removed?
No
Summary

Orchid Security's Identity Gap 2026 Snapshot highlights that 40% of accounts remain orphaned, largely due to just-in-time (JIT) provisioning, which creates user accounts instantly on first login via Microsoft Entra ID's SAML assertion but lacks automatic deprovisioning capabilities. This gap arises because JIT provisioning only triggers during user authentication and does not address account removal when employees leave, contributing to security vulnerabilities. SCIM provisioning complements JIT by managing the entire account lifecycle, including deprovisioning through REST API calls initiated by directory changes in Entra ID. Most enterprises combine JIT for rapid onboarding with SCIM for accurate lifecycle management, ensuring accounts are both promptly created and appropriately deactivated. SSOJet exemplifies this integration by using JIT for initial account creation and SCIM for ongoing account management, operating on a consistent identity key to prevent orphaned accounts and enhance security.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.