Users provisioning

You can configure user provisioning within HUMAN to control user access and permissions to all of HUMAN’s products. There are two types of provisioning options:

• Default provisioning: Set up default user roles per product that you can assign to each user when you invite them to HUMAN.
• Group provisioning: Set up groups and manage HUMAN access from your SSO provider.

You can learn how to set up one of these options with this article.

Prerequisites

• A configured authentication method. If you are setting up group provisioning, you need to configure a single sign-on method. Email authentication will not work.
• Admin access to your identity or single sign-on provider to enable provisioning.

Default provisioning

Default provisioning lets you set up default role permissions to assign users when you invite them to HUMAN. Default provisioning is compatible with email and password authentication as well as with SSO.

1. Navigate to Platform settings > Authentication > Users Provisioning.
2. Select Default-based Provisioning for your provisioning method.
3. Under General User Provisioning Configuration, copy the Base URL.
4. In your identity or single sign-on provider, enable user provisioning and provide the base URL you copied in Step 3.
5. Return to HUMAN and click Generate new to create a HUMAN API token.
6. Copy the token that appears.

🚧

Warning

This will be the only time the token appears. Be sure to copy and save it in a secure place. If it’s lost, you will need to generate a new code and set up provisioning again.

7. In your identity or single sign-on provider, authenticate with the API token using a bearer token method.
8. Return to HUMAN and select the default Role for each HUMAN product. If you select None, then the user will not have access to that product after they’re invited.
9. Click Save changes.

Now, your default provisioning will appear as an option when you invite a new user. For more on inviting users, see Managing users.

Group provisioning

Group provisioning lets you manage user groups and access from your SSO provider. After HUMAN receives your groups, you can set role permissions per product for each group. Group provisioning is only compatible with SSO authentication.

📘

Note

If you enable group provisioning, you will no longer be able to invite, manage, or delete users from within HUMAN. All user and group management will be through your organization’s SSO provider.

1. Navigate to Platform settings > Authentication > Users Provisioning.
2. Select Group-based Provisioning or your provisioning method.
3. Under General User Provisioning Configuration, copy the Base URL.
4. In your single sign-on provider, enable user provisioning and provide the base URL you copied in Step 3.
5. Return to HUMAN and click Generate new to create a HUMAN API token.
6. Copy the token that appears.

🚧

Warning

This will be the only time the token appears. Be sure to copy and save it in a secure place. If it’s lost, you will need to generate a new code and set up provisioning again.

7. In your single sign-on provider, authenticate with the API token using a bearer token method.
8. Set up your desired user groups in your provider, then push them to HUMAN.
9. Return to HUMAN and select the default Role for each HUMAN product per group. If you select None, then users assigned to that group will not have access to that product.
10. Click Save changes.

You can now manage HUMAN users via your SSO provider. If you ever change your user groups, be sure to return to HUMAN to update the HUMAN role permissions as well.