This feature automatically creates IAM accounts based on the provider's data. The created account is stored in the Loginapp's user repository.
This feature requires Account Linking to be enabled.
If this feature is used in combination with Auto-link existing IAM accounts, no account is registered if an existing IAM account was found and linked.
The provider's data is used without additional validation for automated account registration. In particular:
- Channel verification for mTAN numbers and/or email addresses is not supported.
- Data validation (e.g., using regular expressions) is currently not supported.
- The provider's data that is used to create the account is not displayed to the user and the user is not asked to confirm the data, e.g., using transaction approval.
Therefore, if this feature is used, the provider must guarantee that the provided data is valid (e.g., channel-verified and validated). IAM must trust the provider to do appropriate validation.
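One way a provider could enforce this guarantee before it releases data, shown as an added example that is not IAM or provider code. It assumes the provider releases OIDC standard claims (`email_verified`, `phone_number_verified`); the function names, patterns and sample values are hypothetical.

```python
import re

# Assumptions: OIDC standard claim names; patterns and policy are illustrative.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
E164_RE = re.compile(r"\+[1-9][0-9]{6,14}")          # mobile number used for mTAN
NAME_RE = re.compile(r"[^\x00-\x1f\x7f<>]{1,100}")   # no control chars or markup

class ClaimRejected(ValueError):
    """The claim set must not be released to the relying party."""

def _checked(claims, name, pattern, verified_flag=None):
    """Return claims[name] if present and valid, None if absent, else raise."""
    value = claims.get(name)
    if value is None:
        return None
    # Strict identity check: the string "true" or the integer 1 is not proof
    # of channel verification.
    if verified_flag is not None and claims.get(verified_flag) is not True:
        raise ClaimRejected(f"{name} is not channel-verified")
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise ClaimRejected(f"{name} fails format validation")
    return value

def claims_for_release(claims: dict) -> dict:
    """Validate a user's claims before the provider puts them in a token."""
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise ClaimRejected("missing subject identifier")
    released = {"sub": claims["sub"]}
    for name, pattern, flag in (
        ("email", EMAIL_RE, "email_verified"),
        ("phone_number", E164_RE, "phone_number_verified"),
        ("given_name", NAME_RE, None),
        ("family_name", NAME_RE, None),
    ):
        value = _checked(claims, name, pattern, flag)
        if value is not None:
            released[name] = value
            if flag:
                released[flag] = True
    return released

# Constructed sample input.
SAMPLE = {"sub": "u-1001", "email": "alice@example.com", "email_verified": True,
          "phone_number": "+41791234567", "phone_number_verified": True,
          "given_name": "Alice", "family_name": "Example"}

if __name__ == "__main__":
    print(claims_for_release(SAMPLE))
```

Because IAM registers the account without asking the user to confirm anything, a rejection here should stop token issuance entirely rather than drop the offending claim silently.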
Automated account registration fails if a user already exists in IAM but its context data differs from the data sent by the provider. This can potentially be used to find out whether a user exists in the IAM database (user enumeration attack). Ensure this is not an issue in the given setup, especially if the provider allows users to self-register.