Issue
If someone is added to my Identity Provider (IdP), will they have access to my Heroku Team without me adding them explicitly?
Resolution
Yes, we do. A user that is not a Heroku user yet (as denoted by the email the IdP sends us) will be created. The user will still need to verify the email address with us. The user will have the default role in the Team, as selected by the Team admins. You can update the default role from the Settings tab for your Heroku Enterprise Team in Dashboard. The default role is member
if it has not been set by an admin.