You didn't specify what type of authentication you are using, but if it's OIDC, then you can take advantage of the Operator Provisioning feature, which does what you need. It creates an operator record for the end user who logs in for the first time. You can configure how the operator ID is created and even specify a model operator which serves as a template for all the newly created ones. Really cool feature.
Take a look at step 2 in this article. It provides a screenshot of the Authentication Service configuration section responsible for operator mapping and provisioning. The article is about OIDC (OpenID Connect) authentication, but the same functionality is available for SAML authentication.
Pega has a default activity called AddNewOperatorRecord with which we can create a new Operator ID. In order to avoid errors while running the activity, we need to include pyOrganization, pyOrgDiv and pyOrgUnit as parameters, and we can set these values with the help of the Property-Set method in the activity.