Waitwhile

Waitwhile supports Just-in-Time (JIT) user provisioning so that your organization can allow new staff members to immediately get access to the Waitwhile platform, without having to be invited. This technical guide covers configuration details.

Just-in-Time (JIT) User Provisioning with Waitwhile

Waitwhile supports Just-in-Time (JIT) user provisioning to streamline user access through SAML-based SSO. With JIT enabled, your organization can automatically create user accounts and assign them to the appropriate resources without needing to send invitations.

This guide outlines how to configure JIT provisioning, the required and optional SAML assertion fields, and potential errors to watch out for.

To enable JIT provisioning, your SAML provider must include specific SAML assertion fields in the authentication response. These fields help Waitwhile determine where to assign the new user and what permissions to grant.

&lt;saml2:Attribute Name="locationIds" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"&gt; &lt;saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string"&gt; PHVJPyzMZE2cs363YrXg,3zEENiB5VIclI6qdzOU1 &lt;/saml2:AttributeValue&gt; &lt;/saml2:Attribute&gt;

___________________________________________________________

<img src="https://downloads.intercomcdn.com/i/o/1110512370/a54bf2ca056ef22e72c30e91/image.png?expires=1753488000&amp;signature=70e92d553521ec603434b92b173005a3207004b0fe2739b9c9d0e34e5566716d&amp;req=dSEmFsx%2Fn4JYWfMW3Hu4gRyVRTcJwPpQzp0YhpIKMqZmmAqAO9xdCME0NX7Q%0A8Q%3D%3D%0A" width="18" alt=""> Have additional questions or need assistance? Reach out to us via chat or at <a href="mailto:support@waitwhile.com" rel="nofollow noopener noreferrer" target="_blank">support@waitwhile.com</a>.

Technical details for configuring Waitwhile for SSO JIT user provisioning

SSO Just-In-Time user provisioning guide

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Field	Required	Description	Example
locationIds	Yes (or one of the below location fields)	Comma-separated list of Location IDs. Used to assign users to specific locations.	`PHVJPyzMZE2cs363YrXg,3zEENiB5VIclI6qdzOU1,2KFeB5DtP9D1BWjO4cao`
locationShortNames	Yes (alternative to `locationIds`)	Comma-separated location short names.	`store-a,store-b,store-c`
locationShortNamePrefix	Yes (alternative to `locationIds`)	Assigns user to all locations starting with this prefix.	`store-`
accountId	Optional	If not provided, Waitwhile attempts to infer it from the location.	`0fvAJf8TpjmD4NamnKMh`
roles	Optional	Comma-separated user roles. Defaults to `EDITOR`.	`EDITOR,ADMIN`
name	Optional	User’s full name. Defaults to the email name if not provided.	`John Doe`
connectResource	Optional	If `true`, links the user to a resource with the same email.	`true`
resourceCategoryId	Optional	ID of resource category to create a new resource in (if no email match). Only works if `connectResource` is `true`.	`pYidP6iudNL3T880V3tY`

Error Message	Explanation
Missing location IDs or short names	You must provide at least one of: `locationIds`, `locationShortNames`, or `locationShortNamePrefix`.
Locations do not belong to a single account	All locations provided must be under the same Waitwhile account unless `accountId` is explicitly set.
Cannot resolve account from locations	If `accountId` is not provided and no account can be determined from the locations, provisioning fails.
Invalid or non-existing location IDs	Make sure all provided location IDs exist and are valid.
Invalid or non-existing short names	Ensure all short names match existing locations in your Waitwhile account.
Short name prefix matches multiple accounts	Prefix should only match locations from one account.

SSO Just-In-Time user provisioning guide

Just-in-Time (JIT) User Provisioning with Waitwhile

Configuration Overview

Supported SAML Assertion Fields

Example SAML Assertion Snippet

Common Errors