Set Time Zone with OpenID Connect and JIT


When Just-in-Time (JIT) provisioning is activated in an OpenID Connect single sign-on configuration, a new person record is automatically generated when someone who is not yet registered in 4me is trying to access 4me Self Service.  In such cases, 4me’s JIT functionality asks the identity provider to return several claims so that it can add the following information to the new person record:

  • Name — uses the name claim, or if not provided, the given_namemiddle_name and family_name claims
  • Email address — uses the email claim
  • Picture — uses the picture claim
  • Language preference — uses the locale claim
  • Time zone — uses the zoneinfo claim

This last piece of information is new.  It ensures that people see date and time information (such as the resolution target of requests) in their time zone, rather than the default time zone of the account in which their person record is registered.

Unfortunately, the most commonly used identity providers (like Microsoft, Google and Apple) do not yet support the zoneinfo claim by default.  Once they start to do this, though, 4me will automatically pick it up and use it to set the time zone preference in the new person records that the JIT provisioning functionality generates.

4me person record generated by JIT using OpenID Connect claims