Unison’s light weight workflow engine provides two mechanisms for user provisioning. The first mechanism, known as “Just-In-Time” (or JIT) provisioning and web services based provisioning.
JIT provisioning can create or update user accounts and entitlements based on external data such as attributes in a SAML assertion. This lets Unison create accounts without having a direct connection to your directory, making it ideal for clouds where you don’t want to expose your internal directories to an external network.
In addition to JIT provisioning, Unison provides a JSON based web service for requesting, approving and provisioning accounts. This API can be used to build an identity service, track requests and provide reports.