Jit Provisioning

Organizations: Just-in-time (JIT) provisioning with SSO via SAML

Updated over a week ago

HackerOne offers Just-in-time (JIT) provisioning with SSO via SAML. JIT provisioning enables you to automatically create user accounts by using the information from the SAML protocol.

When SSO via SAML has been set up, each time a new user from your organization logs in to HackerOne, their account will automatically be created. Two types of provisioning are associated with the creation of each account: Attribute Provisioning and Program Membership.

Provisioning Type

Details

Attribute Provisioning

By default, all accounts will be provisioned with and keep these attributes up-to-date:

  1. First Name

  2. Last name

Program Membership

All SAML users have access to the platform by default but don't necessarily have access to programs. The options for program membership can be set to: None (default), Basic, or Advanced. See below to learn more about these options.

Program Membership Options

You can configure your program membership options to None (default), Basic or Advanced. Each option provides different permissions to the user.

For Basic or Advanced configuration, please contact HackerOne

Option Type

Details

None

You can invite users to your program and manage their membership and permission level within the user management interface.

Basic

Enables any user attached to your SAML configuration to join the program automatically without an invitation at login. This works for multiple programs if your SAML settings are attached to all programs.
​
To configure this provisioning, register on our support portal and submit a ticket. Learn more about the support portal here.

Advanced

Only for Enterprise programs
​
Enables organizations to control membership and permission levels from their SSO provider. Set up user attributes to determine program membership, group assignment, and permissions in HackerOne. You can confirm the memberships are added properly by viewing your program audit log.
​
To configure this provisioning, register on our support portal and submit a ticket. Learn more about the support portal here.

Did this answer your question?