How do I add users if I'm using SAML/SSO?

There are two primary options to consider when adding SAML users: SAML Strict Mode and Just-in-Time Provisioning.  The following describes options for inviting users with the four potential configurations.

BOTH Strict Mode and JIT are NOT checked

• Invite users via the Invite tab under Users in Admin Settings.  This will send an email to users with a link, which is valid for 14 days. 
• Since the user can establish login credentials with Split they will be able to create a password and log in either via username/password or password.

Strict Mode only checked

• You will invite users via the Invite tab. Users will need to log in one time via username and password. 
• After that, users will need to log in via the SSO portal. 
  • As an alternative, the user can connect using the Single Sign-on URL found on the SAML tab.  

JIT only checked

• Add a user via the SSO portal.  You can add a user via an invite, in which case the first login must be through the invite. 
• If the user does not accept the invite when you subsequently try to add via the portal an error will be thrown and you’ll need to contact support. 
• If added through the portal, the first time they log in must be via the portal, which will create a user in Split and log them in. 
• Once logged in they can create a password in My Settings.  If added via an invite they will create a password when they respond to the invite. 
• They can log in either via SSO or username/password.

Strict Mode and JIT checked

• The best practice is to add via the portal.  If added via the portal the first time they log in must be via the portal, which will create a user in Split and log them in. 
• You can add a user via an invite, in which case the first login must be through the invite.  That will be the only time they log in using username and password. 
• If the user does not accept the invite if you subsequently try to add via the portal an error will be thrown and you’ll need to contact support. 
• All subsequent logins must be via the portal or the Single Sign-on URL.  Or they can put in just their email address on the login page to get redirected and logged in via most SSO implementations.