Provision Dynamic Account node

Not supported in Advanced Identity Cloud

Provision an account following successful authentication by a SAML2 authentication node or the Social Provider Handler node.

Accounts are provisioned using properties defined in the attribute mapper configuration of a social authentication or SAML2 authentication node earlier in the flow.

If a password has been acquired from the user, for example, by using the Platform Password node, it is used when provisioning the account; otherwise, a 20-character random string is used.

In addition to retrieving the password from the node state, the Provision Dynamic Account node gets the realm value, and attributes and userNames from userInfo in the shared state. It sets the username attribute in the node’s shared state.

Example

In this example, the node lets users who have performed social authentication using Google provide a password and provision an account if they don’t have a matching existing profile. They must enter a one-time passcode to verify they are the owner of the Google account.

Availability

Product	Available?
PingOne Advanced Identity Cloud	No
PingAM (self-managed)	Yes
Ping Identity Platform (self-managed)	No

Product

Available?

PingOne Advanced Identity Cloud

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Outcomes

Single outcome path.

Configuration

Property Usage

Property	Usage
Account Provider	Specifies the name of the class that implements the account provider. Default: `org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider`

Account Provider

Specifies the name of the class that implements the account provider.

Default: org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider

Authentication nodes

Provision Dynamic Account node

Example

Availability

Outcomes

Configuration