The SP might need to establish and maintain parallel accounts for remote single sign-on (SSO) users to enforce authorization policy, customize user experience, comply with regulations, or a combination of such purposes.

PingFederate provides two kinds of user provisioning for browser-based SSO to facilitate cross-domain account management, one designed for an IdP, and one for an SP:

  • At an IdP site, an administrator automatically provisions and maintains user accounts for partner SPs who have implement the System for Cross-domain Identity Management (SCIM) or, when using optional plugin software as a service (SaaS) connectors, for selected hosted-software providers..
  • At an SP site, an administrator provisions accounts within the organization automatically from SCIM-enabled IdPs or usesinformation from SAML assertions received during SSO events.

For more information, see User provisioning.