Just In Time Provisioning for Federated Users
In the federated SSO scenario the Identity Cloud Service users and groups are imported from the external identity provider's data repository.
• Evaluate the groups created in Identity Cloud Service as a result of sync with external Identity Provider and determine whether to use them for Just In Time provisioning purpose.
• Login to the OUAF-based application and set up Template Users that represent authorization levels corresponding to the Identity Cloud Service groups synchronized from the external provider.
• Configure the Identity Cloud Service Group - Template User mapping in the Master Configuration.
See
Configuring Just in Time Provisioning for more detailed configuration instructions.