Some identity providers (IdP) used for single sign-on (SSO) via Security Assertion Markup Language (SAML) don’t have an option to restrict which service provider applications a user is allowed to access. By default, any member who has access to InVision within your IdP can also automatically create an InVision account under the Enterprise company.
It is possible, however, to block automatic account provisioning and instead display a custom error message for any company members who have been authenticated with your IdP but have not yet been invited to the Enterprise account (as seen in the screenshot below).
If you want to disable SAML automatic account provisioning for your Enterprise, please have an admin on your account reach out to InVision Support.
You will also have two customization options for the error message screen above:
- To replace the message itself ("Please contact your account administrator for the invite."), just provide InVision Support your custom message when requesting that we disable auto-provisioning.
- To replace the InVision logo with your company logo, please follow the steps outlined in our Custom Branding guide.
Other questions about using SAML or other types of SSO for your InVision Enterprise? Learn more in our SSO guide.