Once SSO with SAML is configured for DataSet, the authentication step is offloaded to your IdP. Rather than logging in with a DataSet-specific username and password, a user will authenticate via your IdP.
Traditionally, DataSet has only supported authentication via SSO. Authorization, i.e. determining which accounts and permissions a user has access to, was still managed in DataSet. Adding a user would require adding them in your IdP as well as inviting them to the appropriate team(s) in DataSet.
DataSet now allows you to manage authorization via your IdP as well. This is done via just-in-time SAML user provisioning. When a user logs into DataSet via your IdP, the IdP sends a list of groups to which the user belongs. If the user does not exist, the system creates the user. It then uses the list of groups to add or remove the user from the appropriate DataSet teams & access groups.
For more details, please contact your Technical Account Manager or firstname.lastname@example.org.