From 9f72a45c45189241944cf965f0287f0c2f2b8a51 Mon Sep 17 00:00:00 2001 From: Gao Sun Date: Fri, 21 Jun 2024 19:59:52 +0800 Subject: [PATCH] chore: update changeset (#6077) --- .changeset/smart-laws-compare.md | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.changeset/smart-laws-compare.md b/.changeset/smart-laws-compare.md index 2b924e0b047..7ded13506ed 100644 --- a/.changeset/smart-laws-compare.md +++ b/.changeset/smart-laws-compare.md @@ -8,11 +8,16 @@ feature: just-in-time user provisioning for organizations -This feature allows organizations to provision users when signing up with their email address or being added by Management API. +This feature allows users to automatically join the organization and be assigned roles upon their first sign-in through some authentication methods. You can set requirements to meet for just-in-time provisioning. ### Email domains -If the user's verified email domain matches one of the organization's configured domains, the user will be automatically provisioned to the organization. +New users will automatically join organizations with just-in-time provisioning if they: + +- Sign up with verified email addresses, or; +- Use social sign-in with verified email addresses. + +This applies to organizations that have the same email domain configured. To enable this feature, you can add email domain via the Management API or the Logto Console: 
@@ -23,6 +28,19 @@ To enable this feature, you can add email domain via the Management API or the L - `DELETE /organizations/{organizationId}/jit/email-domains/{emailDomain}` - In the Logto Console, you can manage email domains in the organization details page -> "Just-in-time provisioning" section. +### SSO connectors + +New or existing users signing in through enterprise SSO for the first time will automatically join organizations that have just-in-time provisioning configured for the SSO connector. + +To enable this feature, you can add SSO connectors via the Management API or the Logto Console: + +- We added the following new endpoints to the Management API: + - `GET /organizations/{organizationId}/jit/sso-connectors` + - `POST /organizations/{organizationId}/jit/sso-connectors` + - `PUT /organizations/{organizationId}/jit/sso-connectors` + - `DELETE /organizations/{organizationId}/jit/sso-connectors/{ssoConnectorId}` +- In the Logto Console, you can manage SSO connectors in the organization details page -> "Just-in-time provisioning" section. + ### Default organization roles You can also configure the default roles for users provisioned via this feature. The default roles will be assigned to the user when they are provisioned.
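Review bot: In the first hunk (`@@ -8,11 +8,16 @@`), the new intro says users join and receive roles "through some authentication methods" without naming them. Because this sentence defines who is granted organization membership automatically, name the methods here; the sections that follow cover sign-up with a verified email, social sign-in with a verified email, and enterprise SSO. The removed sentence mentioned users "being added by Management API", and the replacement no longer says whether that path still triggers provisioning, so state it either way. In the "Email domains" list, "Sign up with verified email addresses, or;" has a stray semicolon, and the text should say what counts as "verified" for social sign-in, since the domain match is only as trustworthy as that verification. "You can set requirements to meet for just-in-time provisioning" reads awkwardly; something like "You can configure the conditions a user must meet" would be clearer.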
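Review bot: In the second hunk (`@@ -23,6 +28,19 @@`), the "SSO connectors" section applies to "New or existing users", while "Email domains" in the same file is limited to "New users". That difference is easy to miss, and it means configuring a connector can add already-registered accounts to the organization on their next SSO sign-in, so call it out explicitly. "for the first time" is also ambiguous for existing users: say whether it means the first sign-in ever or the first sign-in through that connector. The endpoint list shows both `POST` and `PUT` on `/organizations/{organizationId}/jit/sso-connectors` with no note on how they differ; add one line on each. The unchanged "Default organization roles" paragraph that follows says roles go to "users provisioned via this feature", so confirm in the text that this includes users provisioned through SSO connectors.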