Perfecto automatically supports user bases defined in an external IdP based on SSO. This is called just-in-time (JIT) user provisioning.
Installations of Perfecto at sites that support an external IdP, for example OKTA or CA, with registered users or groups do not need to redefine each user in the Perfecto user management system. With Perfecto's support of external IdP through its Single Sign-On (SSO) system, users that sign in through their local IdP providing their credentials to the IdP are automatically provisioned as users of Perfecto.
Configuration
To change the default configurations of this feature, contact Perfecto Support.
Users generated using this JIT system have the following characteristics:
- The username/user ID is identical to the username/user Id supplied by the IdP system to Perfecto.
- All users are created without Perfecto Roles. Default roles may be configured per request.
- All users are created without a group. A single group may be configured per request.
- All users are created without device tokens, an unlimited account, or device tokens.
You can also configure external users manually in the Users view to ensure that they have the required role and group assignments in Perfecto when they log in for the first time.
Administrative features
Additional features configurable for Perfecto include designating a set of users to be generated as admin users, with administrator roles. If interested in this feature, open a support ticket and request the creation of a configuration file.
