When a user attempts to single sign-on into Foundry, if the user already exists in Foundry, then the user get signed in as that user; see SAML NameID and EVERFI SSO ID for details. If the user does not exist, then you have two options:
- The user will see an error message
- The user will get created immediately in Foundry, and is then signed in as that newly-created user
The first option is the default behavior in Foundry.
The second option you can enable for your identity provider by checking the “allow registration during SSO” checkbox as described in SAML Identity Provider Setup. As described in the linked page, the new user’s properties will be set based on the values the SAML Response provides in different Attributes. This option is sometimes described as just in time user provisioning because the user is created only when needed.