Set up Just-In-Time User Provisioning via Microsoft Entra
You can enable Just-In-Time User Provisioning when setting up the identity provider integration. Read more: Single Sign-On via Microsoft Entra AD.
When JIT is enabled and a new user logs in via SSO, Creatio automatically adds a new user, grants them all available licenses, and creates a corresponding contact. The contact columns are populated based on the columns mapped in the SAML settings in Creatio. To map additional columns:
- Click
to open the System Designer. - Go to the Users and administration block → Single Sign On configuration.
- Go to the SAML data to contact fields mapping expanded list → double-click any column value (Fig. 2). This opens a lookup page.
Fig. 2 SAML data to contact fields mapping expanded list 
- Click New on the lookup page.
- Enter the Entra AD column name in the SAML field attribute column.
- Click
→ select the corresponding contact field in the Contact field name column. - Click
. - Repeat steps 5-7 for other relevant columns.
As a result, when an existing user logs in via SSO, their Username Creatio field will be mapped to the value of the Unique User Identifier (Name ID) claim in Entra. For example, if the claim value is set to user email and the user logs in as example@outlook.com via SSO, the Username field in Creatio must have the same value. You can change the value of this claim in Entra if needed.