Terraform
Link a user account for single sign-on
You have an SSO identity for every SSO-enabled HCP Terraform organization. HCP Terraform links each SSO identity to a single HCP Terraform user account. This link determines which account you can use to access each organization.
You can add and remove SSO identity links for all providers, including Microsoft Entra ID, Okta, and SAML.
Add SSO Identity Link
The first time you use SSO to log in to an organization, HCP Terraform links that SSO identity to your user account. You can only log in to that organization using the linked user account.
When HCP Terraform does not recognize the email address associated with your identity provider, it asks if you want to create a new user account with that email address. You can choose one of the following actions:
- Create a new account: HCP Terraform automatically links your SSO identity to this new account after creation.
- Link to an existing account: Click Link SSO identity to a different account and sign in with one of the following account types.
- Linked HashiCorp Cloud Platform (HCP) account: Click Continue with HCP account and use your HCP credentials to sign in to HCP Terraform. HCP Terraform automatically links your SSO identity to that HCP-linked account. Refer to Linked HCP and HCP Terraform Accounts for more details.
- HCP Terraform account: Sign in with your HCP Terraform username and password. HCP Terraform automatically links your SSO identity to that account.
Change SSO Identity Link
HCP Terraform shows an error if you try to log in to an SSO-enabled organization with a different user account than the one linked to your SSO identity. To change this SSO identity link:
- Log in to HCP Terraform using the linked account.
- Remove the SSO identity link from the current account.
- Sign out of HCP Terraform.
- Log in and add an SSO identity link to the desired account.
Remove SSO Identity Link
To unlink an SSO identity from an HCP Terraform account:
- Sign in with SSO to the linked account.
- Click your user icon and select Account Settings. Your Profile page appears.
- Click SSO in the left navigation bar. The SSO page appears, showing a list of all of the SSO identities associated with this account.
- Click the ellipses (...) next to the association you want to unlink and select Unlink SSO identity. The Unlink SSO identity box appears.
- Click Unlink SSO identity.
The SSO association is now unlinked and removed from the SSO list. The organization is still available in the Choose an organization menu, but HCP Terraform will prompt you to log into that organization through SSO before you can access it.