AM supports linking, or federating, identities between the IDP and the SP.
See the following table for a list of tasks to configure how AM federates identities:
Decide Whether to Permanently Link Identities
AM lets you choose whether to maintain the link between federated entities after logout (persistent federation) or to create a new link each time the user logs in (transient federation).
Also, learn how to manage persistent federation.
"Persistent or Transient Federation"
Link Identities Automatically
Configure AM to link identities automatically when they exist in both the IDP and the SP, or to create an account on the SP when the NameID that the IDP provides unequivocally identifies the identity.
"Linking Identities Automatically with Auto-Federation"
"Creating Identities Automatically with Auto-Federation"
Link Identities Using Trees or Chains
Configure AM to link identities when the NameID that the IDP provides is not enough to unequivocally identify the identity.
"Linking Identities by Using Authentication Trees or Chains"
Link Identities in the IDP to a Single, Shared Account on the SP
Configure AM to temporarily link an identity in the IDP to, for example, the anonymous user in the SP.
"Linking Identities to a Single, Shared Account"
201 Mission St. Suite 2900 San Francisco, CA 94105 USA +1 415-599-1100 (US) www.forgerock.com