Access Management 7.3.1

Federate identities

AM supports linking, or federating, identities between the IDP and the SP.

See the following table for a list of tasks to configure how AM federates identities:

Task Resources

Decide whether to permanently link identities

AM lets you choose whether to maintain the link between federated entities after logout (persistent federation) or to create a new link each time the user logs in (transient federation).

Also, learn how to manage persistent federation.

Link identities automatically

Configure AM to link identities automatically when they exist in both the IDP and the SP, or to create an account on the SP when the NameID that the IDP provides unequivocally identifies the identity.

Link identities using the authentication service

Configure AM to link identities when the NameID that the IDP provides is not enough to unequivocally identify the identity.

Link identities in the IDP to a single, shared account on the SP

Configure AM to temporarily link an identity in the IDP to, for example, the anonymous user in the SP.

Copyright © 2010-2024 ForgeRock, all rights reserved.