...
The Just-in-time provisioning settings affect how Authenticated SSO-verified Anonymous Acess Access works since both features are related to the presence of user accounts. If Just-in-time provisioning is set to create users, this will take precedence over anonymous access.
The Group Memberships settings allow configuring conditions for when the user is created. This can be configured fluently with Authenticated SSO-verified Anonymous Access. For example, you can configure a policy in which users and group memberships are created automatically for all users logging in and belonging to the editor group in your identity provider. In contrast, all other users will fall back to “anonymous access” after logging in with SSO.
...