We have successfully set up Okta SAML authentication with LiquidFiles. Currently, I create the new users manually in LF and in Okta, and then the login with Okta works. Is it possible to automatically provision the user in LF with JIT or some other method? Currently, if the user does not exist in LF, I get a "User could not be created" error in LF. What would I need to configure to make this work? Many thanks.
As we have discussed recently in the ticket, the SAML and LDAP auto-provisioning was meant for local users, but it can be used for external users as well. The problem here is that you have likely set the "Admin > Groups > Default Group Assignment > Default Group for SSO" users setting to the Local Users group. When an external client is authenticated via the SSO service, according to this setting, they should be assigned to the Local Users group, which is not permitted. Then that error is shown. External clients have to be assigned to some External users group. You can switch the "Default Groups for SSO Users" to the "No Default" option. Then set the "Default Groups for Local Users" to, i.e., the "Local Users" group. Switch the "Default Fallback Group" to "External users".