Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello! Newbie here, just getting familiar with Ory and the community.

I want to figure out how to administratively create an account for a user signing through SSO. I have a SaaS app that requires invitations to the platform. If the user doesn't already exist in the system, I can create an email/password login but the same for SSO doesn't seem documented. The closest seems to be this section on *<https://github.com/ory/docs/blob/master/docs/kratos/organizations/organizations.mdx#pre-provisioning-identities-in-an-organization|Pre-provisioning identities in an organization>* but it doesn't reference how to accomplish the user creation.

Do you have the `sub` claim that the provider returns. If you do, you can create the identity through the API and set its OIDC credential config.

Potentially. We're working in Azure to start. I'll have to see if that's something we can re-use from the inviting user.

Do you have a reference for that API call?

<https://www.ory.sh/docs/reference/api#tag/identity/operation/createIdentity>

And then use `oidc` credential config, it should use the provider id from your config, and the subject that the provider will return during the login (typically not the email address!)

Awesome! This seems like a better start than what I had. Thank you!