---
title: User account management
description: Typically, the identity provider (IdP) repository maintains user accounts in an identity federation. However, a service provider (SP) often has its own set of user accounts, which might not always correspond to IdP users.
component: pingfederate
version: 13.1
page_id: pingfederate:introduction_to_pingfederate:pf_user_acc_manage
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/introduction_to_pingfederate/pf_user_acc_manage.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
---

# User account management

Typically, the identity provider (IdP) repository maintains user accounts in an identity federation. However, a service provider (SP) often has its own set of user accounts, which might not always correspond to IdP users.

The SP might need to establish and maintain parallel accounts for remote single sign-on (SSO) users to enforce authorization policy, customize user experience, comply with regulations, or a combination of such purposes.

PingFederate provides two kinds of user provisioning for browser-based SSO to facilitate cross-domain account management, one designed for an IdP, and one for an SP:

* At an IdP site, an administrator automatically provisions and maintains user accounts for partner SPs who have implement the System for Cross-domain Identity Management (SCIM) or, when using optional plugin software as a service (SaaS) connectors, for selected hosted-software providers..

* At an SP site, an administrator provisions accounts within the organization automatically from SCIM-enabled IdPs or usesinformation from SAML assertions received during SSO events.

For more information, see [User provisioning](pf_user_provis.html).