After integrating with SSO, When a new user logins only a contact and user will be created. How to are roles assigned to the user? It should be assigned before logging into creatio, right?
or Am I wrong? I am confused with links between contact,system administration object and Employee.
First of all I would like to admit that new users automatically created during an SSO login only when JIT option is enabled.
When the JIT is enabled and some users logs in via an SSO, the system will check if there any user with name mapped on SSO side and if there is no user with the same username - it will be created.
As for the roles, they are being actualized each time user logs in via an SSO with JIT enabled from the user's roles in your IdP.
Please note that if you want to use JIT you need to make sure that all the role names in your Identity Provider are the same as in Creatio and all users are having proper roles assigned for them on the SSO side.