For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • Getting Started
    • Overview
    • Best practices
  • Sightline Cyberfraud Defense
    • About Sightline Cyberfraud Defense
    • Getting Started
    • What's different in Sightline Cyberfraud Defense
    • Sensor changelog
    • About the Overview Dashboard
    • Glossary
  • AgenticTrust
    • Getting started with AgenticTrust
    • AI Agents Monitoring Dashboard
    • AI Visitors Overview Dashboard
    • Manage AI Agent Permissions
    • Agentic Activity Priority
    • Agent Trust Levels
  • Account Defender
    • Account Defender Overview
    • Use Cases
    • Prerequisites
    • Getting Started with Account Defender
    • Optimizing Account Defender Detection
    • Validating Account Defender Integration
    • Risk Triggers
    • About Network Events
    • Troubleshooting
  • Bot Defender
    • Bot Defender Overview
    • Detection
    • Bot Defender Policy Settings
    • Footprint
  • Credential Intelligence
    • Credential Intelligence Overview
    • How to Access the Breached Flag
    • Credential Intelligence FAQ
    • Credential Intelligence Dashboard
  • Code Defender
    • Code Defender Introduction
    • Getting Started with Code Defender
    • Code Defender Glossary
    • Website Risk Analyzer
  • Platform
    • Account settings
    • Manage users
    • Role permissions
      • Sign-on methods
      • Users Provisioning
    • Enforcer configurations
    • Page Type Mapping
  • Client-Side Integration
    • JavaScript tag
    • Improving first page performance
    • Use of cookies & web storage
    • Advanced client integration
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
On this page
  • Prerequisites
  • Default (user) provisioning
  • Group provisioning
PlatformAuthentication

Users provisioning

Was this page helpful?
Previous

Application Protection Pricing

Next
Built with

You can configure user provisioning within HUMAN to control user access and permissions to all of HUMAN’s products. We support SCIM provisioning for the following:

  • Default (user) provisioning: Set up default user roles per product that you can assign to each user when you invite them to HUMAN.
  • Group provisioning: Set up groups and manage HUMAN access from your SSO provider.

Each option supports slightly different features:

FeatureDefault (user) provisioningGroup provisioning
User-related features
Create, update, deactivate, and reactivate users		✅✅
Group-related features
Push, delete, and update groups and the assigned users		❌✅
Importing users from app → IdP❌❌
Importing groups from app → IdP❌❌

You can learn how to set up one of these options with this article.

Prerequisites

  • A configured SSO sign-on method. Email and password authentication is not compatible with users provisioning
  • Admin access to your identity or single sign-on provider to enable provisioning.

Default (user) provisioning

Default provisioning lets you set up default role permissions to assign users when you invite them to HUMAN. Default provisioning is compatible with email and password authentication as well as with SSO.

  1. With your sidebar open, navigate to Platform settings > Authentication > Users Provisioning.
  2. Select Default-based Provisioning.
  3. Under Provisioning Configuration, copy the Base URL.
  4. In your identity or single sign-on provider, enable user provisioning and provide the base URL you copied in Step 3.
  5. Return to HUMAN and click Generate new to create a HUMAN API token.
  6. Copy the token that appears.

This will be the only time the token appears. Be sure to copy and save it in a secure place. If it’s lost, you will need to generate a new code and set up provisioning again.

  1. In your identity or single sign-on provider, authenticate with the API token using a bearer token method.
  2. Return to HUMAN and select the default Role for each HUMAN product. If you select None, then the user will not have access to that product after they’re invited.
  3. Click Save changes.

Now, your default provisioning will appear as an option when you invite a new user. For more on inviting users, see Managing users.

Example of an Azure SAML authentication method appearing when adding a new user

Group provisioning

Group provisioning lets you manage user groups and access from your SSO provider. After HUMAN receives your groups, you can set role permissions per product for each group. Group provisioning is only compatible with SSO authentication.

If you enable group provisioning, you will no longer be able to invite, manage, or delete users from within HUMAN. All user and group management will be through your organization’s SSO provider.

  1. With your sidebar open, navigate to Platform settings > Authentication > Users Provisioning.
  2. Select Group-based Provisioning.
  3. Under Provisioning Configuration, copy the Base URL.
  4. In your single sign-on provider, enable user provisioning and provide the base URL you copied in Step 3.
  5. Return to HUMAN and click Generate new to create a HUMAN API token.
  6. Copy the token that appears.

This will be the only time the token appears. Be sure to copy and save it in a secure place. If it’s lost, you will need to generate a new code and set up provisioning again.

  1. In your single sign-on provider, authenticate with the API token using a bearer token method.
  2. Set up your desired user groups in your provider, then push them to HUMAN.
  3. Return to HUMAN and select the default Role for each HUMAN product per group. If you select None, then users assigned to that group will not have access to that product.

For a user role to be reflected, you must assign it to both the application and the push group.

  1. Click Save changes.

You can now manage HUMAN users via your SSO provider. If you ever change your user groups, be sure to return to HUMAN to update the HUMAN role permissions as well.