Configure account requests for external IdPs

Enable and configure account requests so users authenticating with external identity providers can request accounts from the Console App sign‑in screen.

GIP must be upgraded to version 6.00 or later to activate the account request feature. For step-by-step instructions, see Migrate the GIP database. To view the GIP version, open the Console App and go to Help > About.
  1. Configure your external identity provider in GIP Console. For example, to set up Google authentication. For details, go to Configure external IdP authentication.
  2. Open your GIP fglprofile configuration file located in $FGLDIR\web_utilities\services\gip\bin\idp.
  3. Set the oidc.account.create.allow parameter to true to enable the account request feature: 
    oidc.account.create.allow = true
  4. Set the oidc.account.creation.end_url parameter to a path (resolved relative to the GAS base URL) to redirect users after submitting the request (for example: "/demos.html") 
    oidc.account.creation.end_url =  "/demos.html"
  5. Save the configuration file and restart the Genero Application Server (GAS) to apply the change.
  6. Verify that the Create Account link appears on the Console App sign-in screen beneath each external identity provider's sign-in button. If the option is missing, confirm the identity provider and GIP configuration and that account-requesting is permitted by your authorization settings.
    Figure: GIP sign-in screen with create account option for external IdP

    Image shows GIP sign-in screen, pointing out the Create Account request link for Google

Once enabled, users authenticated by external identity providers can request to create accounts directly from the GIP sign-in screen. For details, go to Request an account via external IdP (SSO). When users click the Create Account link beneath an identity provider button, they authenticate with that provider and submit their account request. Access isn’t immediate. A GIP administrator must then review the external identity provider information, approve the request, and configure user roles. To learn more about this process, go to Manage user account requests.