good one
Thanks for this tutorial.
Thanks for the video. Is there a way to automatically propagate the changes without waiting for the user to log in to the SP org, by configuring callouts from the IdP org? I understand we can write code to achieve this. Also, what is the difference in usage/use case between this and the login flow?
Well, usually the SAML JIT handler is used for complex scenarios. For instance, let's say a user is getting authenticated via Azure SSO and roles are configured in Azure, and based on those roles the user should be assigned to, say, a different profile and permission set automatically when they log in. Similarly, when roles are changed, that should automatically be reflected on the user object the next time the user logs in. Doing that via a flow will be messy. A callout to the IdP org will be overkill, and why would you actually want that? The user still has to log in to Salesforce to access stuff. Unless you are thinking of different scenarios which I am not aware of. Regarding Login Flow, it is mainly used to customise the login experience, where the user will be prompted with an interface, say, maybe to select an MFA mode or fill out missing user details. Both SAML and Login Flow serve different use cases. I do understand this video explains a basic SAML JIT scenario.
Yes, you can, via provisioning solutions, either via Salesforce's User APIs or via the SCIM API.