An admin can add a new user to their LightStep [𝑥]PM organization manually or automatically via domain whitelisting to allow all users at that domain to log in without an explicit invitation.
- If you set up OAuth, you will not need to manually invite individual users
- When someone either enters the organization via OAuth or you manually invite them, an account will be created in the organization with access to all of the organization's projects
- If the user does not currently have an account with LightStep [𝑥]PM, a welcome email will be sent with a link to set up an account
- To manage an organization, a user needs Admin privileges which a current admin will need to give. There can be multiple admins.
- Removing a user will revoke their access to the projects owned by the organization
- Any new user with a verified email address that belongs to one of these domains will automatically have an account provisioned and will be added to the organization.
- Removing domains will prevent new users from being added but will not affect existing users.
- JIT account provisioning works with username/password authentication as well as Single Sign-on. LightStep [𝑥]PM users can now authenticate via Google Sign-in. Clicking on the Sign in with Google button on the sign-in page will verify your email address with Google and log you into your account. No additional steps are necessary to enable this for accounts in your organization. Single Sign-on can be combined with Domain Whitelisting for Organizations to provide a seamless one-click login and JIT account provisioning experience for members of your organization.
Google Apps for Work teams can streamline the process further by adding LightStep to your Google Apps Whitelist. Enabling it will skip this screen for SSO users in your organization.
Extracted from Google's developer documentation
Your Google Apps administrator can whitelist LightStep for the entire organization so that users can skip the auth page during the sign-in process.
- Open the Google Apps Admin Console.
- Click the Security icon, then click Show More --> Advanced Settings --> Manage API client access.
- Authorize LightStep by adding these credentials.
- Click Authorize. The whitelisting will take effect in about 30 minutes.