Associate personal SaaS accounts (GitHub, Bitbucket, NPM, etc.) to appropriate organization accounts/teams/groups and relate to Person entity

[aiwilliams]

When onboarding users to an organization's staff, and when off-boarding rewinding the process completely, it is important to:

1. Add their SaaS account to the organization's account/teams/groups in the SaaS platform
2. Associate their SaaS accounts with the Person entity record in JupiterOne

Devise tool(s) that support automating these processes.

For example, it is typical to create an account in the organization's SSO platform for a new employee, collect information about the person's accounts in GitHub and Bitbucket etc., and add custom properties to the SSO record, such as githubUsername or 'bitbucketUsername. The JupiterOne mapper will transfer these to the Personentity representing that SSO account when the SSO record is ingested. Then, when a GitHubUserentity enters the system, the mapper will see theusernamematches aPerson.githubUsernameand build a relationship,User - IS -> Person`.

This process depends on an organization's account administrator to:

1. Create the SSO account
2. Obtain SaaS account identities from the new hire
3. Add the custom properties to the SSO record

Ideally, the person could work through authenticated flows to associate their SaaS account with necessary groups/teams/roles based on assigned organization roles, during which time their SaaS identities are associated with the Person entity and relationships are mapped when the SaaS accounts are ingested by JupiterOne.