- Type: Suggestion
- Resolution: Duplicate
- Priority: Low
- Affects Version/s: None
- Component/s: None
Currently, to authenticate via SAML, a user must already exist in the Internal Directory or be retrievable from an external source such as LDAP or Crowd. If the user does not already exist, access to the application is denied even if the IdP successfully authenticates the user. This is a problem for new users, because administrators will need to create the user manually.
This feature request is to allow users to be auto-created in the application's internal directory, so that new users who are authenticated through SAML can be automatically created in the application and logged in, provided that the SAML response contains all the necessary information that the application requires (email, display name, username, etc.).