User provisioning is the process of ensuring user accounts are created, given proper permissions, and maintained across IT infrastructure and Atlassian applications.
...
Generally speaking, websudo by using passwords is not possible with users provisioned by JIT, API Connectors, or SCIM. This is because Kantega SSO cannot synchronize or obtain the passwords from the identity provider. Authentication for such users is only possible via SSO, by redirecting to the identity provider. Users then authenticate in the IDP and are redirected back with a proof of identity, i.e. a SAML Response or an ID Token. In version 5.1.0 of Kantega SSO re-login via the a SAML or OIDC based Identity Provider has been added to perform websudo (see below image).
...
Please be aware that re-authentication requires your IdentityProvider to support the forceAuthn=true flag (for SAML), and prompt=login or max_age=0 flags for OIDC. Please verify that re-authentication works by clicking the Re-authenticate with SSO button and see that you are required to log in again (and not just bounce directly back to the admin pages). If you have a problem with re-login for your IdP, please contact us and we will see if there are any ways of enabling the support for this.
...