Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-27 21:39:16 -05:00
Code Issues Activity

chore: update changeset (#6077)

Browse source
This commit is contained in:
Gao Sun 2024-06-21 19:59:52 +08:00 committed by GitHub
parent 5065eea03b
commit 9f72a45c45
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 20 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
.changeset/smart-laws-compare.md
View file

@ -8,11 +8,16 @@
feature: just-in-time user provisioning for organizations
This feature allows organizations to provision users when signing up with their email address or being added by Management API.
This feature allows users to automatically join the organization and be assigned roles upon their first sign-in through some authentication methods. You can set requirements to meet for just-in-time provisioning.
### Email domains
If the user's verified email domain matches one of the organization's configured domains, the user will be automatically provisioned to the organization.
New users will automatically join organizations with just-in-time provisioning if they:
- Sign up with verified email addresses, or;
- Use social sign-in with verified email addresses.
This applies to organizations that have the same email domain configured.
To enable this feature, you can add email domain via the Management API or the Logto Console:
@ -23,6 +28,19 @@ To enable this feature, you can add email domain via the Management API or the L
- `DELETE /organizations/{organizationId}/jit/email-domains/{emailDomain}`
- In the Logto Console, you can manage email domains in the organization details page -> "Just-in-time provisioning" section.
### SSO connectors
New or existing users signing in through enterprise SSO for the first time will automatically join organizations that have just-in-time provisioning configured for the SSO connector.
To enable this feature, you can add SSO connectors via the Management API or the Logto Console:
- We added the following new endpoints to the Management API:
- `GET /organizations/{organizationId}/jit/sso-connectors`
- `POST /organizations/{organizationId}/jit/sso-connectors`
- `PUT /organizations/{organizationId}/jit/sso-connectors`
- `DELETE /organizations/{organizationId}/jit/sso-connectors/{ssoConnectorId}`
- In the Logto Console, you can manage SSO connectors in the organization details page -> "Just-in-time provisioning" section.
### Default organization roles
You can also configure the default roles for users provisioned via this feature. The default roles will be assigned to the user when they are provisioned.