From 723b2b2c2948f3c9fc3605ec025ad78fda299bf1 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 20:24:05 +0000 Subject: [PATCH] Update JIT SSO setup to use WorkOS Organization ID Generated-By: mintlify-agent --- security-and-compliance/role-based-access-control.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security-and-compliance/role-based-access-control.mdx b/security-and-compliance/role-based-access-control.mdx index 7f2d6d7..b596fe5 100644 --- a/security-and-compliance/role-based-access-control.mdx +++ b/security-and-compliance/role-based-access-control.mdx @@ -19,10 +19,11 @@ If the user does not have a Porter account, they will be asked to register. Afte To set up just in time user provisioning, you must be logged in with an **Admin** role. As an admin, you can find the setup in **Settings** then **Members** in the sidebar then go to the **SSO** tab. Setting up Just In Time User Provisioning requires your organization to have an Single Sign-On provider configured. -1. To set up Single Sign-On, you can click **Request** under **SSO provisioning** to reach out to support. Single Sign-On is configured by linking your identity provider with our auth provider. -2. After reaching out to support, set up JIT by going back to the **SSO** tab and click **Set Up** to login with an account. Ensure that you log in with an account connected to your organization. +1. To set up Single Sign-On, you can click **Request** under **SSO provisioning** to reach out to support. Single Sign-On is configured by linking your identity provider with our auth provider. +2. After Single Sign-On is configured, return to the **SSO** tab. Enter your **WorkOS Organization ID** (for example, `org_ABC123ABC123ABC123ABC123AB`) into the provided field. You can find this value in your WorkOS dashboard under the organization you want to connect. +3. Select a **Default role** to assign to new users that are provisioned through JIT SSO, then click **Save**. -Once setup, any new users in the same organization will automatically be added to the project without an invite email. By default these users will receive **viewer** role, but you can also configure the default role. You can also click **Update Provider** to set up a different organization. +Once setup, any new users in the same organization will automatically be added to the project without an invite email. By default these users will receive **viewer** role, but you can also configure the default role. To connect a different organization later, return to the **SSO** tab and update the **WorkOS Organization ID** field. Users that have been manually removed from the project will need to be manually re-added.