Question | Answer |
What is your metadata endpoint? | |
Do you support Just In Time (JIT) provisioning? | Yes, you can read more about JIT Provisioning here. |
What happens to my existing 2FA and password? | Your 2FA and password settings will be deleted, and you'll only be able to log in with SSO when you're migrated. The SSO provider is expected to handle 2FA. |
Do you support SAML and password login? | No, once a user is SAML enabled, they won't be able to log in with their password. |
Is SAML configurable on a per-user basis? | No, all users belonging to a SAML-enabled domain will be required to use SAML authentication. |
Do you support custom session times? | Yes, HackerOne will respect the SessionNotOnOrAfter attribute if provided during authentication. This will allow you to customize the length of the session up to an upper bound of 2 weeks. If you provide this value, it'll be the source of truth and the remember me will be ignored. |
Do you support Single Logout? | No, we don't support single logout at this time. |
What happens to users on my team that don't belong to our claimed domain? | Turning on SSO will only affect users of the claimed domain. Any users that are using e-mail addresses on other domains will not be affected. |
What is your NameID format? |
|
What is your Entity ID? | hackerone.com |
What is your ACS URL? | |
What are your attribute fields? |
|
Do you support IDP or SP-initiated login? | We support both IDP and SP-initiated login. |
What SAML bindings do you support? | We support POST binding. |
What is the session length? | The default session length is 1 hour, but extendable while the user is active. If the user sets "Remember Me" the session will be active for 2 weeks. |
Organization FAQs about SSO via SAML
Updated over a week ago