This article contains answers to Frequently Asked Questions about Hatch IAM and SSO. It covers General Questions, Deprovisioning Questions, and User Account Authorization Within the Platform Questions
General:
- What protocol(s) does Hatch support and what is preferred when exchanging authentication and authorization metadata between parties?
-
- SAML 2.0 is our preferred methods.
- Hatch's customer is typically the identity provider.
-
- Are there any required attributes for your customer’s IdP to provide at authentication?
-
- First & Last name
- Username/unique identifier
- Additional attributes may be required based on your workflow
- Additional attributes accepted but not required – click here.
-
- How are user accounts provisioned?
-
- JIT
-
- Is an Application Programming Interface (API) provided; if so, what documentation is available for its consumption?
-
- Yes you can administratively access a list of users within an organization with this endpoint.
-
- Does automated report generation exist for scheduled internal distribution?
-
- No
-
Deprovisioning:
- Are accounts deactivated or entirely deleted?
-
- Deactivated
-
- Are accounts manually removed?
-
- Yes
-
- Is an Application Programming Interface (API) provided; if so, what documentation is available for its consumption?
-
- Yes an API exists for deprovisioning
-
- What different levels of access does the application require?
-
- Hatch needs read only access to your system in order to authenticate users.
-
User Account Authorization Within the Platform:
- Does the application support role or group assignment?
-
- Yes, we have role and group assignment (ie. Scheduler, Provider)
-
- Can role or group membership information be passed in the SAML assertion or OAuth token?
-
- Yes. We can map your role designations to our user-types
-
- What user attributes are required by the application?
-
- We do not have role specific attributes required.
-
- How do we obtain a list of users and their authorizations?
-
- Admin users within Hatch can download a .csv of users
-
Comments
0 comments
Please sign in to leave a comment.