Waitwhile supports Just-in-Time (JIT) user provisioning so that your organization can allow new staff members to immediately get access to the Waitwhile platform, without having to be invited.
This technical guide covers configuration details.
Supported SAML assertion fields
1. locationIds
Comma-separated location IDs to which the user will be assigned.
Example
<saml2:Attribute Name="locationIds" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">PHVJPyzMZE2cs363YrXg,3zEENiB5VIclI6qdzOU1,2KFeB5DtP9D1BWjO4cao</saml2:AttributeValue>
</saml2:Attribute>
2. locationShortNames
Comma-separated location short names.
Example
<saml2:Attribute Name="locationShortNames" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">store-a,store-b,store-c</saml2:AttributeValue>
</saml2:Attribute>
3. locationShortNamePrefix
User will be assigned to all locations on the account matching the prefix.
Example
<saml2:Attribute Name="locationShortNamePrefix" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">store-</saml2:AttributeValue>
</saml2:Attribute>
4. accountId
Optional. Account ID to which the user will be assigned. If not specified, the account ID will be extracted from the given locations.
Example
<saml2:Attribute Name="accountId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">0fvAJf8TpjmD4NamnKMh</saml2:AttributeValue>
</saml2:Attribute>
5. roles
Optional. Comma-separated roles. If not provided the EDITOR role will be assigned.
Example
<saml2:Attribute Name="roles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">EDITOR,ADMIN</saml2:AttributeValue>
</saml2:Attribute>
6. name
Optional. User’s name. If not provided the name will be extracted from the email.
Example
<saml2:Attribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">John Doe</saml2:AttributeValue>
</saml2:Attribute>
Errors
Missing location IDs or location short names
No location IDs, location short names, or location short name prefix were given in the SAML assertion fields.
Provided locations do not belong to one account
A single account ID could not be extracted from the given locations, and “accountId” was not provided.
Given location short name prefix matches more than one account.
Cannot resolve account for the provided locations
No account ID could be extracted from the given locations, and “accountId” was not provided.
Cannot assign non-existing location(s)
One or more of the given location IDs do not exist.
Cannot assign non-existing location short name(s)
One or more of the given location short names do not exist.
Provided location short name prefix does not match any location
One or more of the given prefixes do not match available location short names.
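A pre-flight check for the attribute statement your IdP emits, covering the fields listed above and the "Missing location IDs or location short names" error. This is an added example, not Waitwhile code: the function names and sample XML are constructed, it reads an unsigned preview of the attributes rather than validating a live SAML response, and the whitespace and non-default-role findings are review aids, not documented Waitwhile errors.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
LOCATION_FIELDS = ("locationIds", "locationShortNames", "locationShortNamePrefix")

# Constructed sample of an IdP preview: no location field, roles include ADMIN.
SAMPLE = """<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Attribute Name="roles">
    <saml2:AttributeValue>EDITOR, ADMIN</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="name">
    <saml2:AttributeValue>John Doe</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""


def read_attributes(xml_text):
    """Map each Attribute Name to the text of its first AttributeValue."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(NS + "Attribute"):
        value = attr.find(NS + "AttributeValue")
        attrs[attr.get("Name")] = (value.text or "") if value is not None else ""
    return attrs


def check_jit_attributes(xml_text):
    """Return (roles, findings) for the fields documented on this page."""
    attrs = read_attributes(xml_text)
    findings = []
    # Documented error: no location IDs, short names, or prefix supplied.
    if not any(attrs.get(f, "").strip() for f in LOCATION_FIELDS):
        findings.append("Missing location IDs or location short names")
    # Review aid: the page's comma-separated examples have no spaces or empty items.
    for field in ("locationIds", "locationShortNames", "roles"):
        items = attrs[field].split(",") if field in attrs else []
        if any(i != i.strip() or not i for i in items):
            findings.append(f"{field}: whitespace or empty entry in list")
    # Documented default: EDITOR is assigned when roles is not provided.
    roles = [r.strip() for r in attrs.get("roles", "").split(",") if r.strip()]
    roles = roles or ["EDITOR"]
    extra = sorted(set(roles) - {"EDITOR"})
    if extra:  # review aid: the IdP mapping decides who gets these roles
        findings.append("roles other than default EDITOR: " + ",".join(extra))
    return roles, findings


if __name__ == "__main__":
    for finding in check_jit_attributes(SAMPLE)[1]:
        print(finding)
```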
Have additional questions or need assistance? Reach out to us via chat or at support@waitwhile.com.