Requesting accounts

Overview of the account request feature and the two request flows supported by the Genero Identity Provider (GIP): local GIP accounts and external IdP (SSO) accounts.

The GIP supports an account-request workflow that lets users ask for access to an application from the GIP sign-in page. Administrators review requests in the Console App and must approve and configure the account before the user can sign in.

There are two request flows:

Local GIP account

The user completes a Create Account form hosted by the GIP. The request is routed to administrators for approval; once approved the administrator assigns roles and the user can sign in using GIP credentials.

External IdP (SSO) account

The user starts from an application protected by an external identity provider. The GIP collects the IdP userinfo payload and creates a request entry for administrator review. Verified attributes from the IdP (for example, a verified email) help administrators validate requests.

Prerequisites and configuration

Administrators must enable the feature by setting oidc.account.create.allow to true in the GIP fglprofile configuration and restarting the Genero Application Server (GAS). For details, go to Configuring GIP account requests.
Use the Console App to review and approve or reject requests and to assign roles before granting access.

See the task topics for step-by-step instructions: