1. Split Help Center
  2. Secure
  3. FAQs

How do I add users if I'm using SAML/SSO?

  • Updated

There are two primary options to consider when adding SAML users: SAML Strict Mode and Just-in-Time Provisioning.  The following describes options for inviting users with the four potential configurations.

BOTH Strict Mode and JIT are NOT checked

  • Invite users via the Invite tab under Users in Admin Settings.  This will send an email to users with a link, which is valid for 14 days. 
  • Since the user can establish login credentials with Split they will be able to create a password and log in either via username/password or password.

Strict Mode only checked

  • You will invite users via the Invite tab. Users will need to log in one time via username and password. 
  • After that, users will need to log in via the SSO portal. 
  • As an alternative, the user can connect using the Single Sign-on URL found on the SAML tab.  

JIT only checked

  • Add a user via the SSO portal.  You can add a user via an invite, in which case the first login must be through the invite. 
  • If the user does not accept the invite when you subsequently try to add via the portal an error will be thrown and you’ll need to contact support. 
  • If added through the portal, the first time they log in must be via the portal, which will create a user in Split and log them in. 
  • Once logged in they can create a password in My Settings.  If added via an invite they will create a password when they respond to the invite. 
  • They can log in either via SSO or username/password.

Strict Mode and JIT checked

  • The best practice is to add via the portal.  If added via the portal the first time they log in must be via the portal, which will create a user in Split and log them in. 
  • You can add a user via an invite, in which case the first login must be through the invite.  That will be the only time they log in using username and password. 
  • If the user does not accept the invite if you subsequently try to add via the portal an error will be thrown and you’ll need to contact support. 
  • All subsequent logins must be via the portal or the Single Sign-on URL.  Or they can put in just their email address on the login page to get redirected and logged in via most SSO implementations.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.