Set up Just-in-Time (JIT) provisioning to automate user creation in Cloud Observability.
With JIT provisioning, first-time users can log into Cloud Observability with their Identity Provider (IdP) credentials. Cloud Observability automatically creates their account and assigns them a default role.
Only users with administration permissions can set up JIT provisioning with Cloud Observability.
The steps below assume you have a Cloud Observability Enterprise account and an IdP (for example, Microsoft Entra ID or Okta). For conceptual information about managing users and roles, visit User and role management.
Follow these steps to authorize your domain with Cloud Observability:
In Cloud Observability, select Settings > User management > Additional settings.
Below JIT Provisioning, select Add domain.
In the dialog, enter your domain’s URL and select Confirm.
Users with that domain in their email can now log into Cloud Observability. Cloud Observability automatically creates their account and assigns them the default role. You can manually change their role once they’re in the system.
Follow the steps below to remove an authorized domain from Cloud Observability.
When you remove a domain, first-time users can’t log into Cloud Observability with their IdP credentials. Existing users associated with that domain can still log in.
In Cloud Observability, select Settings > User management > Additional settings.
Below JIT Provisioning, find the relevant domain and select ⋮ > Delete.
Cloud Observability displays <domain> removed from <organization>.
Visit the links below to learn more about managing users and roles in Cloud Observability.
Roles and permissions reference
Updated Nov 7, 2024