HashiCorp Cloud Platform
Assign a Default Organization Role
To streamline permission management, set a default organization role for users. Admins can decide whether to assign a default organization role or not. For least-privileged purposes, users signing up when there is no default organization role have a limited experience within the platform until an organization or project admin assigns an organization-scoped or project-scoped role. Learn more about HCP permissions.
Post-Single Sign-On (SSO) Connection
Once Single Sign-On (SSO) is configured, if you log out of your account and attempt to sign in using your SSO credentials, you will be assigned the default organization role, resulting in the loss of your current admin capabilities. For effective administration, ensure there is an existing admin/owner logged in to the organization. This admin can modify permissions for SSO users, including yourself, once they’ve logged in.
The administrator who owns the organization and enabled SSO can still use their original, non-SSO account to sign in to the HCP web portal and access the SSO-enabled organization.
Setting the default organization role to admin:
When assigning the default role for the organization, opt for least privilege access, such as no organizational role or a viewer role. Exercise caution if assigning the default organization user role as "admin".
Users without an organization role:
Users without organization roles cannot view or edit anything inside the organization until project-level or workspace-level roles are assigned to them after their first login as a SSO user.