Splashtop supports users/groups JIT (Just-in-Time) provisioning from your identity provider, please follow the below steps to set up.
Table of Contents
Microsoft Entra ID/Azure AD
Step 1: Set up SSO (Single sign-on)
Step 2: Configure JIT (Just-in-Time) on Microsoft Entra ID/Azure AD
2. On the Attributes Claims block, click Edit.
3. On the Edit page, click Add a group claim.
4. On the Group Claims setup, select Security Groups.
5. Click Save.
6. Done!
Step 3: Configure JIT (Just-in-Time) on Splashtop
1. When creating SSO method on my.splashtop.com, select Enable on JIT provisioning dropdown list (only available when using Azure AD as the IdP).
2. After SSO method saved, you can copy your JIT login URL, and wait for the SSO method to be verified.
3. Once SSO method being verified, you can start use JIT provisioning through JIT login URL.
Note: You can also come back my.splashtop.com to check your JIT login URL.
Frequently asked questions
- JIT provisioning supports both user and group provisioning. (If you do not want to provision Group info, can skip the above step 2.)
- For user provisioning, only the email address will be provisioned as the Splashtop account, other info won't be provisioned.
- JIT provisioning will only work to provision a new user. It won't work to update an existing user.
- The above introduced flow would work for a newly created SSO method. If you have an existing SSO method with Azure AD as the Idp type, and would like to enable JIT, please contact support.
Google Workspace
Step 1: Set up SSO (Single sign-on)
Step 2: Configure JIT (Just-in-Time) on Google Workspace
2. Go to Menu
3. In Third-party SSO profile for your organization, click Manage SSO profile assignments.
4. If this is your first time assigning the SSO profile, click Get started. Otherwise, click Manage.
6. Done! After you close the Manage SSO profile assignments card, you’ll see the updated assignments for organizational units and groups in the Manage SSO profile assignments section.
Step 3: Configure JIT (Just-in-Time) on Splashtop
1. When creating SSO method on my.splashtop.com, toggle on for JIT provisioning
2. After SSO method saved, you can copy your JIT login URL, and wait for the SSO method to be verified.
3. Once SSO method is verified, you can start using JIT provisioning through JIT login URL.
Frequently asked questions
- For user provisioning, only the email address will be provisioned as the Splashtop account, other info won't be provisioned.
- JIT provisioning will only work to provision a new user. It won't work to update an existing user.
Okta
Step 1: Set up SSO (Single sign-on)
Step 2: Configure JIT (Just-in-Time) on Okta
- On the created app, you can find the Provisioning tab, then click Configure API Integration:
- Check Enable API integration, insert below info:
OAuth Bearer Token: How to find my Secret token
Click Test API Credentials, you will get a successful result if configured correctly.
Step 3: Configure JIT (Just-in-Time) on Splashtop
1. When creating SSO method on my.splashtop.com, select Enable on JIT provisioning.
2. After SSO method saved, you can copy your JIT login URL, and wait for the SSO method to be verified.
3. Once SSO method being verified, you can start use JIT provisioning through JIT login URL.
Note: You can also come back my.splashtop.com to check your JIT login URL.