Give Internal Users Login Access to Communities Through an External Authentication Provider
Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.
How: Your Salesforce developer must update the Apex createUser(portalId, userData) registration handler method to account for both internal and external user creation during OpenID Connect SSO to communities. For example, the developer can use a unique attribute in the userData object to determine whether the newly created user is internal or external.
The remaining processes of creating external users, configuring the service provider website, and defining the authentication provider in your org remain the same.