Design an Authentication Provider User Registration Flow

All registration handler flows must be of the Identity User Registration Flow type. To work for single sign-on (SSO), your flow must be configured to handle these tasks.

• Determine whether to create or update a user based on information returned by the identity provider.
• Create a complete user record with information from the identity provider. The user must have an assigned profile. If the user is an external user, such as a customer or partner, the user record must also have an associated account and contact.
• Update existing user records with information from the identity provider.

Depending on your use case, you can also customize your registration handler to complete these tasks.

• Create internal and external user records, depending on whether the user is logging in to an org or Experience Cloud site.
• Control user access at runtime by managing permission set assignments for new and updated users.
• Get user information from the identity provider's user info response or ID token. Use the Get User Data from JSON String invocable action to retrieve a specific attribute from a complex, nested JSON structure.
• Generate placeholder user data if the identity provider doesn't return enough information to create a complete user record. Use the Generate User Data invocable action.

To get started, we recommend that you customize the Authentication Provider User Registration template. For a detailed overview of how this template works, see Example: Authentication Provider Registration Handler Flow.