"Just-in-time" (JIT) provisioning in SAML configuration means that the user is created automatically by Chronicle SOAR after the user has logged in through their specific SAML login (such as Okta or Gmail).

In order to set this up, the admin needs to both define all the relevant fields in the Chronicle SOAR platform and then match them with the relevant SAML provider. 

Let's take a look at a use case for this. The admin wants to use just in time provisioning for users who log in via Okta.

To define JIT user provisioning for Okta users:

1.  Within the platform, navigate to Settings > Advanced > External Authentication.
2. Select Okta and fill out the mandatory parameters.
   
3. Select the JIT provisioning checkbox to display the relevant fields.
4. Navigate in  Okta to Directory > Profile Editor and see how each field is written there and then copy that into the field name in the Chronicle SOAR platform.
   
5. Make sure the fields are filled out in the Chronicle SOAR platform exactly the same as in Okta before saving.