NOTE: The ability to enroll in an organization is currently in an invitation-only, limited beta.
SAML authentication supports Just-in-Time User Provisioning. Enabling this option allows for on-the-fly creation of a team member the first time they try to log in. This eliminates the need to create team members in advance. For example, if you recently added an employee to your company, you don't need to manually create the team member in Lacework.
With the introduction of the SAML JIT option and the ability to enroll in an organization, the following workflows are available for existing accounts:
- Continue to use Lacework at the account level and continue to use SAML for authentication only
- Enroll your Lacework account in an organization and continue to use SAML for authentication only
- Continue to use Lacework at the account level and add SAML JIT user provisioning to SAML authentication
- Enroll your Lacework account in an organization and add SAML JIT user provisioning to SAML authentication
To use SAML JIT user provisioning, you must add and define additional attributes in your SAML identity provider.
To enroll an account in an organization, you must complete a one-time enrollment process.
For accounts within an organization, authentication mechanisms at the account level do not apply. You must set authentication at the organization level.
For detailed information about configuring JIT, see the steps for your SAML identity provider: