Perfecto supports internal password-based authentication and external authentication through an identity provider (IdP):
-
If your organization uses multiple IdPs, select the required IdP when configuring the user.
-
The Perfecto username should match the IdP username. If not, specify an IdP username when adding or editing the user.
-
JIT (just-in-time) provisioning creates users automatically on first IdP login, often without roles or group assignments. To ensure correct access, create external users manually before their first login.
-
JIT can be disabled on request, requiring all external users to be created manually.
Role management and IdP
Managing roles locally in Perfecto is not recommended for large or enterprise environments. Local role management should only be used for small clouds or simple setups.
If your organization uses Single Sign-On (SSO) with an external IdP, your IT policies and IdP configurations override any local permissions in Perfecto. For consistent and secure access control, use your IdP to manage roles and privileges.
To learn more about IdP configuration, see Federated SSO for external IdP.