Basic | Enables any user attached to your SAML configuration to join the program automatically without an invitation at login. This works for multiple programs if your SAML settings are attached to all programs. <br><br>To configure this provisioning, contact support@hackerone.com after your SAML configuration is enabled and HackerOne will turn it on for you.

Advanced | Enables organizations to control membership and permission level from their SSO provider. When configured, the attributes for the users membership and group will be used to assign the user to your program and the appropriate group in HackerOne with the associated permissions. You can confirm the memberships are being added properly by viewing your program [audit log](audit-logs.html).<br><br>To configure this provisioning, HackerOne needs to establish a mapping between the SSO provider (your system) and the HackerOne system. HackerOne does this by utilizing the attribute statements on the SSO provider side, which you will point to groups defined in your HackerOne program. <br><br>The assertion should provide an attribute with the following name: `Program.<handle>.groups` and the value should be a semi-colon delimited list of the program Group names the user should belong to. If no groups are specified the user will not be added to the program. <br><br> Take, for example, this set of configured Groups in HackerOne:<br><br>  <br><br>A correlating SSO configuration (for Okta) would look like this: <br><br>