Set up Just-in-Time (JIT) provisioning to automate user creation in Cloud Observability.
With JIT provisioning, first-time users can log into Cloud Observability with their Identity Provider (IdP) credentials. Cloud Observability automatically creates their account and assigns them a default role.
Before you begin
Only Organization Admins and Organization Billing Admins can set up JIT provisioning with Cloud Observability.
The steps below assume you have a Cloud Observability Enterprise account and an IdP (for example, Microsoft Entra ID or Okta). For conceptual information about managing users and roles and possible setups, visit User and role management.
Set up JIT provisioning
Follow these steps to authorize your domain with Cloud Observability:
-
In Cloud Observability, click Settings > User management > Additional settings.
-
Below JIT Provisioning, click Add domain.
-
In the dialog, enter your domain’s URL and click Confirm.
Users with that domain in their email can now log into Cloud Observability. Cloud Observability automatically creates their account and assigns them the default role. You can manually change their role once they’re in the system.
Deactivate JIT provisioning
Follow the steps below to remove an authorized domain from Cloud Observability.
When you remove a domain, first-time users can’t log into Cloud Observability with their IdP credentials. Existing users associated with that domain can still log in.
-
In Cloud Observability, click Settings > User management > Additional settings.
-
Below JIT Provisioning, find the relevant domain and click ⋮ > Delete.
Cloud Observability displays <domain> removed from <organization>.
Visit the links below to learn more about managing users and roles in Cloud Observability.
See also
Updated Jul 21, 2023