What is your metadata endpoint? |
https://hackerone.com/users/saml/metadata?format=saml_metadata_xml |
Do you support Just In Time (JIT) provisioning? |
Yes, you can read more about JIT Provisioning here. |
What happens to my existing 2FA and password? |
Your 2FA and password settings will be deleted, and you'll only be able to login with SSO when you're migrated. The SSO provider is expected to handle 2FA. |
Do you support SAML and password login? |
No, once a user is SAML enabled, they won't be able to login with their password. |
Is SAML configurable on a per user basis? |
No, all users belonging to a SAML enabled domain will be required to use SAML authentication. |
Do you support custom session times? |
Yes, HackerOne will respect the SessionNotOnOrAfter attribute if provided during authentication. This will allow you to customize the length of the session up to an upper bound of 2 weeks. If you provide this value, it'll be the source of truth and the remember me will be ignored. |
Do you support Single Logout? |
No, we don't support single logout at this time. |
What happens to users on my team that don't belong to our claimed domain? |
Turning on SSO will only affect users of the claimed domain. Any users that are using e-mail addresses on other domains will not be affected. |
What is your NameID format? |
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
What is your Entity ID? |
hackerone.com |
What is your ACS URL? |
https://hackerone.com/users/saml/auth |
What are your attribute fields? |
User.firstName (First Name) and User.lastName (Last Name). You can read more details about what is available here. |