Curam Ideas Portal

Status Future consideration
Categories Universal Access
Created by michael wallach
Created on Jun 6, 2025

Add Just in Time (JIT) User Provisioning During SSO Flow

ESDC has a requirement for JIT provisioning of citizens in Curam during the SSO authentication flow. The flow will need to determine if the user exists in Curam and if they don’t, register the user before completing the SSO flow. The requested high-level flow is as follows:

  • Citizen navigates to Government of Canada site and creates a profile with their personal data. (Name, SIN, Address etc.)

  • Citizen logs into Canada site with credentials

  • Citizen clicks a link to navigate to Universal Access so that they can submit an application to the government. This starts an IdP initiated authentication flow with Curam/UA.

  • At this point there needs to be a check to determine if the citizen exists in UA.

    • If the citizen exists, the SSO flow will proceed as normal

    • If the citizen doesn’t exist, the citizen will have an account automatically created in Curam using details provided by the IdP. Once the account is created, the SSO flow can proceed as normal.

  • Citizen is authenticated in UA and directed to their UA portal landing page.

To handle the JIT provisioning there were three options that were discussed with ESDC, listed in order of preference:

1) Government of Canada IdP creates client in Curam

This option would require two new Curam APIs:

  • API to determine if client exists.

  • API to create a client

The IdP would ensure the user existed before initiating the SSO flow.

2) Curam creates client by calling IdP API

UA would need logic to check if the user exists once the SSO flow is initiated. If it doesn’t, a call will have to be made back to the IdP to get the required details to create the account in Curam. The SSO flow will proceed as normal once the account is created.

3) Curam creates client using attributes in SSO token

This option is similar to option 2 where Curam will create the account. The difference with this option is that UA would use the attributes in the SAML token/OIDC JWT to create the account in Curam. The issue with this option is that the attributes would always be passed to Curam with every SSO flow, even when they aren’t required. ESDC Security teams may not support this option.

Customer Name ESDC
Market Segment Eligibility & Entitlement
Type of Request Customer Requirement
Market Opportunity

This is a common feature that other customers using UA and SSO could leverage

Usage frequency + #/type of users impacted

Would be used by any citizen using the Government of Canadas

CURAM:Workarounds + Proposed Solution

The workaround today is a non-compliant customization of the Curamloginmodule class file in registry.jar. ESDC added code to this class to create an account for the client if required.
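As an added illustration of the exists-or-create check in option 3 (not part of the original request and not Curam or Universal Access code), the sketch below provisions an account from already-verified token claims. The store, function, issuer URL and claim names are all hypothetical, and signature, audience and expiry validation are assumed to have happened upstream.

```python
import threading

# All names below are hypothetical; none are Curam or Universal Access APIs.
TRUSTED_ISSUER = "https://idp.example.test"       # constructed placeholder
REQUIRED_CLAIMS = ("given_name", "family_name")   # assumed minimum profile

class ProvisioningError(Exception):
    pass

class UserStore:
    """In-memory stand-in for the account store, keyed by (issuer, subject)."""
    def __init__(self):
        self._users = {}
        self._lock = threading.Lock()

    def find(self, key):
        with self._lock:
            return self._users.get(key)

    def create_if_absent(self, key, profile):
        # Check and insert under one lock so two concurrent first logins
        # for the same citizen cannot create duplicate accounts.
        with self._lock:
            if key in self._users:
                return self._users[key], False
            self._users[key] = profile
            return profile, True

def jit_provision(store, claims):
    """Call only after the token's signature, audience and expiry are verified.
    Returns (account, created)."""
    if claims.get("iss") != TRUSTED_ISSUER:
        raise ProvisioningError("untrusted issuer")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ProvisioningError("missing subject")
    key = (TRUSTED_ISSUER, sub)
    account = store.find(key)
    if account is not None:
        return account, False  # existing user: profile claims are ignored
    missing = [c for c in REQUIRED_CLAIMS if not claims.get(c)]
    if missing:
        raise ProvisioningError(f"cannot provision, missing claims: {missing}")
    # Copy only allow-listed claims; anything else in the token is dropped.
    profile = {c: claims[c] for c in REQUIRED_CLAIMS}
    return store.create_if_absent(key, profile)

# Constructed sample claims for a first-time login.
SAMPLE = {"iss": TRUSTED_ISSUER, "sub": "citizen-0001",
          "given_name": "Alex", "family_name": "Doe", "role": "admin"}
```

Because existing accounts are matched on issuer and subject alone, a returning citizen's token needs no profile attributes, which bears on the concern raised under option 3.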

  • Admin
    ANGELA BRADY
    Jun 9, 2025

    Hi Michael,

    We have reviewed your enhancement suggestion.

    Based on the information provided, our understanding of your request is as follows:

    • Provide support for customers to implement Just in Time user provisioning during single sign-on

    The theme is aligned with our current multi-year strategy for our product, and we have accepted your suggestion as a consideration for a future release. Not all items under consideration will make it into a release. As plans are confirmed, you will be notified when a specific release includes this enhancement.

    Thank you for taking the time to share your ideas with us. We are committed to involving our users in building our product roadmap and appreciate your suggestions.

    Regards,

    Angela Brady, Cúram Product Management Team

  • Admin
    Graham McCrindle
    Jun 6, 2025

    Hi Mike,

    Thank you for taking the time to share your ideas with us. We are committed to involving our users in building our product roadmap and appreciate your suggestions.

    We will review the information you have provided and get back to you within 30 days. If additional details are required to complete our evaluation, we will send you a request for more information.

    Thank you,

    Graham McCrindle, CURAM Product Management Team