Give Anyone Access to Self Service
Just-in-time (JIT) provisioning of user access has been supported by Xurrent for a few years already.Β Β Xurrentβs advanced single sign-on capabilities have also supported OpenID Connect for a while now.Β Whatβs new is that Xurrent allows OpenID Connect and JIT provisioning to be combined. That makes it possible to give people, who do not yet have a person record in Xurrent, access to Xurrent Self Service with their Google, LinkedIn or Microsoft account credentials.
Setting this up is pretty easy.Β After creating the app or project in the identity provider, a Xurrent account owner can go to the βSingle Sign-onβ section of the Settings console.Β There it is possible to add another single sign-on configuration for the identity provider, for example for Google.
The result is that people are able to access the organizationβs self-service portal with their Google account.Β If they are already logged into their Google account, they will be given access to Xurrent, even if they do not have a person record in Xurrent yet.Β Thatβs because Xurrentβs JIT provisioning ensures that, before providing access, the information from a personβs Google account is used to generate a new person record.Β This person record gets populated with the name, email address, picture and language preference that is stored in his or her Google account.
The next time this person attempts to access Xurrent using with his or her Google accountβs credentials, Xurrent will recognize that the person record already exists and provide access without creating another person record.Β If the JIT attributes (or claims) included in the response from Google contain updated information, the Xurrent person record gets updated automatically.
This works not only for Google, but for any identity provider that supports the OpenID Connect protocol.Β Since many governments already provide their citizens online access using an identity provider that supports OpenID Connect, it is now possible for these governments to give their subjects secure self-service access to Xurrent without having to create a person record in Xurrent for every citizen.