Just In Time Provisioning for Federated Users
In the federated SSO scenario the Identity Cloud Service users and groups are imported from the external identity provider's data repository.
• Evaluate the groups created in the Identity Domain as a result of sync with external Identity Provider and determine whether to use them for Just In Time provisioning purpose.
• Login to the OUAF-based application and set up Template Users that represent authorization levels corresponding to the IAM groups synchronized from the external provider.
• Configure the Group - Template User mapping in the Identity Management Integration Master Configuration.
See
Configuring Just in Time Provisioning for more detailed configuration instructions.