Waitwhile supports Just-in-Time (JIT) user provisioning so that your organization can allow new staff members to immediately get access to the Waitwhile platform, without having to be invited. This technical guide covers configuration details.
Just-in-Time (JIT) User Provisioning with Waitwhile
Waitwhile supports Just-in-Time (JIT) user provisioning to streamline user access through SAML-based SSO. With JIT enabled, your organization can automatically create user accounts and assign them to the appropriate resources without needing to send invitations.
This guide outlines how to configure JIT provisioning, the required and optional SAML assertion fields, and potential errors to watch out for.
Configuration Overview
To enable JIT provisioning, your SAML provider must include specific SAML assertion fields in the authentication response. These fields help Waitwhile determine where to assign the new user and what permissions to grant.
Supported SAML Assertion Fields
Field | Required | Description | Example |
locationIds | Yes (or one of the below location fields) | Comma-separated list of Location IDs. Used to assign users to specific locations. |
|
locationShortNames | Yes (alternative to | Comma-separated location short names. |
|
locationShortNamePrefix | Yes (alternative to | Assigns user to all locations starting with this prefix. |
|
accountId | Optional | If not provided, Waitwhile attempts to infer it from the location. |
|
roles | Optional | Comma-separated user roles. Defaults to |
|
name | Optional | User’s full name. Defaults to the email name if not provided. |
|
connectResource | Optional | If |
|
resourceCategoryId | Optional | ID of resource category to create a new resource in (if no email match). Only works if |
|
Example SAML Assertion Snippet
<saml2:Attribute Name="locationIds" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
PHVJPyzMZE2cs363YrXg,3zEENiB5VIclI6qdzOU1
</saml2:AttributeValue>
</saml2:Attribute>
Common Errors
Error Message | Explanation |
Missing location IDs or short names | You must provide at least one of: |
Locations do not belong to a single account | All locations provided must be under the same Waitwhile account unless |
Cannot resolve account from locations | If |
Invalid or non-existing location IDs | Make sure all provided location IDs exist and are valid. |
Invalid or non-existing short names | Ensure all short names match existing locations in your Waitwhile account. |
Short name prefix matches multiple accounts | Prefix should only match locations from one account. |
Have additional questions or need assistance? Reach out to us via chat or at support@waitwhile.com.