This feature automatically creates IAM accounts based on the provider's data. The created account is stored in the loginapp's user repository.
This feature requires Account Linking to be enabled.
If this feature is used in combination with Auto-link existing IAM accounts, no account is registered if an existing IAM account was found and linked.
For automated account registration, the provider's data is used without additional validation. In particular:
- Channel verification for mTAN numbers and/or email addresses is currently not supported.
- Data validation (e.g. using regular expressions) is currently not supported.
- The provider's data that is used to create the account is not displayed to the user and the user is not asked to confirm the data, e.g. using transaction approval.
Therefore, if this feature is used, the provider must guarantee that the provided data is valid (e.g. channel-verified and validated). IAM must trust the provider to do appropriate validation.
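The following is an added example, not part of the product or its documentation: a sketch of the kind of gate a provider could apply before releasing data that will be used for automated registration. It assumes OpenID Connect standard claim names (`email`, `email_verified`, `phone_number`, `phone_number_verified`) and E.164 mTAN numbers; the function names and patterns are hypothetical.

```python
import re

# Assumed claim names (OpenID Connect standard claims); the page names no protocol.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
E164 = re.compile(r"\+[1-9][0-9]{6,14}")  # mTAN number in E.164 form

# claim -> (format pattern, companion "verified" flag)
CHANNELS = {
    "email": (EMAIL, "email_verified"),
    "phone_number": (E164, "phone_number_verified"),
}


def claim_problems(claims):
    """Return the reasons these claims must not be used for auto-registration."""
    problems = []
    for name, (pattern, flag) in CHANNELS.items():
        value = claims.get(name)
        if value is None:
            continue  # absent channel: nothing to trust
        # fullmatch, not match: rejects trailing newlines and appended junk
        if not isinstance(value, str) or not pattern.fullmatch(value):
            problems.append(f"{name}: invalid format")
        # only a real boolean True counts; the string "true" does not
        if claims.get(flag) is not True:
            problems.append(f"{name}: channel not verified")
    return problems


def releasable_claims(claims):
    """Return the claims unchanged if safe, otherwise raise ValueError."""
    problems = claim_problems(claims)
    if problems:
        raise ValueError("; ".join(problems))
    return claims


# Constructed sample data, not taken from any real provider.
SAMPLES = [
    {"email": "alice@example.com", "email_verified": True,
     "phone_number": "+41791234567", "phone_number_verified": True},
    {"email": "bob@example.com", "email_verified": "true"},
    {"email": "eve@example.com\n", "email_verified": True},
    {"phone_number": "0791234567", "phone_number_verified": False},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(claim_problems(sample) or "ok")
```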
Automated account registration fails if a user already exists in IAM but its context data differs from the data sent by the provider. This can potentially be used to find out whether a user exists in the IAM database (user enumeration attack). Make sure this is not an issue in the given setup, especially if the provider allows users to self-register.