There are two primary options to consider when adding SAML users: SAML Strict Mode and Just-in-Time Provisioning. The following describes options for inviting users with the four potential configurations.
BOTH Strict Mode and JIT are NOT checked
- Invite users via the Invite tab under Users in Admin Settings. This will send an email to users with a link, which is valid for 14 days.
- Since the user can establish login credentials with Split they will be able to create a password and log in either via username/password or password.
Strict Mode only checked
- You will invite users via the Invite tab. Users will need to log in one time via username and password.
- After that, users will need to log in via the SSO portal.
- As an alternative, the user can connect using the Single Sign-on URL found on the SAML tab.
JIT only checked
- Add a user via the SSO portal. You can add a user via an invite, in which case the first login must be through the invite.
- If the user does not accept the invite when you subsequently try to add via the portal an error will be thrown and you’ll need to contact support.
- If added through the portal, the first time they log in must be via the portal, which will create a user in Split and log them in.
- Once logged in they can create a password in My Settings. If added via an invite they will create a password when they respond to the invite.
- They can log in either via SSO or username/password.
Strict Mode and JIT checked
- The best practice is to add via the portal. If added via the portal the first time they log in must be via the portal, which will create a user in Split and log them in.
- You can add a user via an invite, in which case the first login must be through the invite. That will be the only time they log in using username and password.
- If the user does not accept the invite if you subsequently try to add via the portal an error will be thrown and you’ll need to contact support.
- All subsequent logins must be via the portal or the Single Sign-on URL. Or they can put in just their email address on the login page to get redirected and logged in via most SSO implementations.
Comments
0 comments
Please sign in to leave a comment.