Spekit supports Just In Time or JIT provisioning, so here are some items to know:
1.) When the SSO configuration for Spekit is started, only the SAML portion is completed, and SCIM is not needed.
2.) When JIT is configured, the account is created and the user management in Spekit is done manually by the users in Spekit who have the Spekit Account Admin role.
- Example: If someone leaves their company then their account must be manually disabled in Spekit because JIT cannot remove their account automatically.
3.) With JIT, accounts are created upon a user's first login.
- Example: When a user gets assigned the Spekit app in Okta when they click the Spekit tile in Okta if this is their first time getting logged in, their Spekit account will be created.
4.) Groups or Teams as they are referred to in the Spekit WebApp, are to be created and managed by the people in your organization who have the Spekit role of Spekit Account Admin.
5.) Accounts provisioned with JIT will be added to the default Spekit Team of All Spekit Users as a Viewer role by default. Spekit Account Admins manually manage additional custom-created Team access.
6.) There are multiple ways to get signed into the Spekit Chrome Extension, so the SSO IDP administrator can decide how they want to direct users.
7.) Users do not need to constantly re-authenticate to the Extension once they've logged in once.
8.) The IDP admin will need to assign the Spekit tile in Okta to any users who need access to Spekit.