Just In Time Provisioning

This feature automates the local user account management on Windows systems, ensuring seamless access for users authenticated through Cross Identity while adhering to the organization's security policies.

Prerequisites:

• User must be present in Cross Identity.

• User must have authenticated into Cross Identity.

• User must be registered with the MFA options.

• Windows system should be a non-domain joined/ Standalone system.

Working:

1. Ensure that the user is not present in the Windows system.

2. Authenticate into CWL using Cross Identity credentials. User will be prompted to enter the CI and Windows credentials (enter the CI password for Windows).

   

   Note:

   Successful authentication is a must for further actions by the CWL agent.

3. Upon successful authentication, the CWL agent checks the local user management system to determine if the user already exists.

   

4. If the user is not found in the local system, the CWL agent automatically creates a new local account.

   

5. The new account uses the username and password provided through Cross Identity.

6. Once a user is created, the user will be prompted to go through the MFA validation.

   

7. Based on the selection of MFA (for example: Challenge Response), the CWL agent validates the response and provides access to the user to the Windows system.

   

8. User will be logged in successfully into the standalone system.