Disabling JIT Provisioning in Docker

4th chunk of `content/manuals/security/for-admins/provisioning/just-in-time.md`

90c4b7a534ccc5ea1a9e97366998e247483dcc5b3a2d09130000000100000451



## Disable JIT provisioning

> [!WARNING]
>
> Disabling JIT provisioning may disrupt your users' access and workflows. With JIT disabled, users will not be automatically added to your organization. Users must already be a member of the organization or have a pending invitation to successfully sign in through SSO. To auto-provision users with JIT disabled, [use SCIM](./scim.md).

You may want to disable JIT provisioning for reasons such as the following:

- You have multiple organizations, have SCIM enabled, and want SCIM to be the source of truth for provisioning
- You want to control and restrict usage based on your organization's security configuration, and want to use SCIM to provision access

Users are provisioned with JIT by default. If you enable SCIM, you can disable JIT:

1. In the [Admin Console](https://app.docker.com/admin), select your organization.
2. Select **SSO and SCIM**.
3. In the SSO connections table, select the **Action** icon and then **Disable JIT provisioning**.
4. Select **Disable** to confirm.

Title: Disabling JIT Provisioning in Docker

Summary

This section explains how to disable JIT (Just-In-Time) provisioning in Docker, highlighting potential disruptions to user access and workflows. It outlines scenarios where disabling JIT might be beneficial, such as when using SCIM (System for Cross-domain Identity Management) for provisioning or controlling access based on organizational security configurations. The steps to disable JIT provisioning within the Docker Admin Console are provided.