Verify if the user exists
Scenario
When a user signs in with BankID, Microsoft Entra creates a federated account if one does not already exist.
If you prefer to manage the account creation process yourself, Fortified ID Access can verify whether the account already exists. If no account is found, Fortified ID Access can terminate the authentication flow and redirect the user to a customer-managed website, where the account can be created in a controlled manner.
Prerequisite
Fortified ID Access is already installed and configured to handle authentication (sign in) with Entra
You can sign in with BankID
Overview
In short, you add an Entra module so that Fortified ID Access can execute Graph API calls to check whether the user already exists. The Graph API call runs under the AuthZ control. If the user does not exist, the login is terminated and the user is redirected to a customer-managed website, where the account can be created in a controlled manner.
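The existence check the overview describes, as an added example that is not Fortified ID's or the Entra module's own code: a Graph lookup of the signing-in user by user principal name, where HTTP 200 means the account exists, a 404 with the Graph error code Request_ResourceNotFound means "user missing" (terminate and redirect to the customer-managed page), and anything else (401/403, throttling, server errors) raises so the flow fails closed instead of sending an unverified user to account creation. The transport is injected so the block runs offline against a constructed fake directory; make_graph_get shows the real transport using a bearer token obtained for the app registered in Entra. The function names, the sample users and the redirect URL are assumptions for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

GRAPH_BASE = "https://graph.microsoft.com/v1.0"


def user_lookup_url(principal_name):
    """Build the Graph URL for GET /users/{upn}.

    The UPN is percent-encoded with no safe characters: guest accounts carry
    '#EXT#' in the UPN, and an unencoded '#' would be taken as a URL fragment
    and truncate the path. $select keeps the response minimal.
    """
    encoded = urllib.parse.quote(principal_name, safe="")
    return f"{GRAPH_BASE}/users/{encoded}?$select=id,userPrincipalName,accountEnabled"


def make_graph_get(access_token):
    """Real transport (assumed wiring): GET with the app's bearer token.

    Returns (status, parsed JSON body) for both success and error responses
    so the caller can inspect the Graph error code.
    """
    def graph_get(url):
        req = urllib.request.Request(
            url,
            headers={"Authorization": f"Bearer {access_token}",
                     "Accept": "application/json"},
        )
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:
            try:
                body = json.load(err)
            except ValueError:
                body = {}
            return err.code, body
    return graph_get


def user_exists(graph_get, principal_name):
    """True if the account exists, False if Graph reports it missing.

    Any other outcome raises: an authorization or transient failure must not
    be mistaken for "user missing", otherwise a misconfigured app permission
    would push every sign-in to the account-creation page.
    """
    status, body = graph_get(user_lookup_url(principal_name))
    error_code = body.get("error", {}).get("code")
    if status == 200:
        return True
    if status == 404 and error_code == "Request_ResourceNotFound":
        return False
    raise RuntimeError(f"Graph lookup failed: HTTP {status} {error_code}")


def decide_login(graph_get, principal_name, create_account_url):
    """Mirror the controller behaviour: continue the authentication when the
    account exists, otherwise terminate and redirect to the customer page."""
    if user_exists(graph_get, principal_name):
        return ("continue", None)
    return ("redirect", create_account_url)


# Constructed sample directory standing in for the tenant; not real data.
FAKE_DIRECTORY = {
    "alice@company.local": {
        "id": "00000000-0000-0000-0000-000000000001",
        "userPrincipalName": "alice@company.local",
        "accountEnabled": True,
    },
}


def fake_graph_get(url):
    """Offline stand-in for Graph: answers 200 or a Graph-shaped 404."""
    path = urllib.parse.urlparse(url).path
    upn = urllib.parse.unquote(path.rsplit("/", 1)[1])
    if upn in FAKE_DIRECTORY:
        return 200, FAKE_DIRECTORY[upn]
    return 404, {"error": {"code": "Request_ResourceNotFound",
                           "message": f"Resource '{upn}' does not exist."}}


def fake_graph_get_forbidden(url):
    """Stand-in for an app registration lacking User.Read.All consent."""
    return 403, {"error": {"code": "Authorization_RequestDenied",
                           "message": "Insufficient privileges to complete the operation."}}


if __name__ == "__main__":
    target = "https://company.local/create-account/"
    print(decide_login(fake_graph_get, "alice@company.local", target))
    print(decide_login(fake_graph_get, "nobody@company.local", target))
```

Only the "user missing" outcome should match the controller's redirect rule; wire the raised error to a failed authentication rather than to the redirect target.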
Add an Entra module
Check this use case to add an Entra module in Fortified ID Access and to register and use an app in Entra: Common configuration EntraID (Graph API)
Add an Auth controller
Login to Management Center - Access
Click Configuration tab
Expand Authentication methods and click + to add new method
Add an Auth controller
Add the following configuration
"pattern": ".User missing.",
"target": "https://company.local/create-account/"
Click Update when finished
Expand the Auth Controller and click the Pipe associated with the controller.
Click JSON button to view the Pipe in JSON mode.
Replace the existing valves in the Pipe with the following valves
Click Update when finished
Add your Auth controller to your SAML IdP or OIDC OP
Click your SAML IdP or OIDC OP
Click the AUTHENTICATION tab
Click Add authenticator
Add your newly created Auth controller.
Click Update when finished
Deploy all changes.