A person from your organization should be designated to processing new Cloudyn users.
This entails creating the users within Cloudyn, and assigning their permissions.
This should ideally be done before users are notified of the ability to use SSO login.
If a user doing an SSO login is autheticated by the identity provider, by not registered as a Cloudyn user, then the Organizations SSO contact would be automatically notified.
The registering of your existing Cloudyn users can be done automatically using the Cloudyn public User API.