Auto-creation of user accounts can be enabled on the service provider side. An account would be created when there is none corresponding to the identity provider user account requesting access. This might be necessary, for example, when a new service provider has joined an existing circle of trust.
Auto-creation is supported only when the service provider is running on an instance of OpenSSO Enterprise as it extends that product's Dynamic Profile Creation functionality.
You must configure the attribute mapper on the identity provider side to include an AttributeStatement from the user. The account mapper on the service provider side will perform user mapping based on the AttributeStatement.
Enable auto Federation for the Identity Provider. For more information, see To Federate Disparate Accounts with Auto Federation.
Repeat the above steps to modify the service provider's extended metadata.
Enable Dynamic Profile Creation using the OpenSSO Enterprise console.
Log in to the OpenSSO Enterprise console as the top-level administrator, by default, amadmin.
Under the Access Control tab, select the appropriate realm.
Select the Authentication tab.
Select Advanced Properties.
Set User Profile to Dynamic or Dynamic with User Alias and click Save.
Log out of OpenSSO Enterprise.
To test, invoke single sign-on from the service provider.