Just-In-Time User Provisioning: User Types and Roles
Reference user types and roles supported during JIT provisioning
When users are created in Foundry through Just‑In‑Time (JIT) provisioning, certain User Type and Role values can be passed in the SAML assertion. These values are case‑sensitive and must match Foundry’s supported options.
While admin user types and roles are included below for completeness, it is uncommon and not recommended to provision users directly into admin roles during SSO.
Supported user types and roles for JIT provisioning
| Use case | Group of people | User Type | Role |
|---|---|---|---|
| Employee training | Learners who will complete assigned courses | cc_learner |
supervisor or non_supervisor |
| Foundry administration | Administrators managing the platform | cc_admin |
primary secondary (only if Teams is enabled) |
| Adult financial education | Learners accessing financial education content | next_learner |
learner |
| Adult financial education admin | Administrators managing financial education programs | at_work_manager |
primary secondary (only if Teams is enabled) |
| Events | Volunteers | event_volunteer |
Omit role property or use default |
| Events | Staff | event_staff |
Omit role property or use default |
| Events | Administrators | event_manager |
primary |
Important notes
- User Type and Role values must be valid and compatible
- If a User Type is provided in the SAML assertion, the Role must also be valid for that User Type
- If an invalid combination is sent, user creation will fail
- Categories and Labels cannot be assigned during JIT provisioning and must be applied after user creation