Federating Identities

AM supports linking, or federating, identities between the IDP and the SP.

See the following table for a list of tasks to configure how AM federates identities:

Task	Resources
Decide Whether to Permanently Link Identities AM lets you choose whether to maintain the link between federated entities after logout (persistent federation) or to create a new link each time the user logs in (transient federation). Also, learn how to manage persistent federation.	"Persistent or Transient Federation"
Link Identities Automatically Configure AM to link identities automatically when they exist in both the IDP and the SP, or to create an account on the SP when the `NameID` that the IDP provides unequivocally identifies the identity.	"Linking Identities Automatically with Auto-Federation" "Creating Identities Automatically with Auto-Federation"
Link Identities Using Trees or Chains Configure AM to link identities when the `NameID` that the IDP provides is not enough to unequivocally identify the identity.	"Linking Identities by Using Authentication Trees or Chains"
Link Identities in the IDP to a Single, Shared Account on the SP Configure AM to temporarily link an identity in the IDP to, for example, the `anonymous` user in the SP.	"Linking Identities to a Single, Shared Account"