Identity Cloud

Federate identities

Federation in SAML 2.0 is a necessary step that provides a seamless SSO experience to users. Federation is the agreement between an Identity provider (IDP) and one or more Service providers (SPs) to use the same standard. This allows the IDP and SP to share information in a trusted manner within a circle of trust.

Refer to the following table for a list of tasks to configure how Identity Cloud federates identities:

Task Resources

Decide whether to permanently link identities

Identity Cloud lets you choose whether to maintain the link between federated entities after logout (persistent federation) or to create a new link each time the user logs in (transient federation).

Also, learn how to manage persistent federation.

Link identities automatically

Configure Identity Cloud to link identities automatically when they exist in both the IDP and the SP, or to create an account on the SP when the NameID that the IDP provides unequivocally identifies the identity.

Link identities using the authentication service

Configure Identity Cloud to link identities when the NameID that the IDP provides is not enough to unequivocally identify the identity.

Link identities in the IDP to a single, shared account on the SP

Configure Identity Cloud to link an identity in the IDP temporarily, for example, to link to the anonymous user in the SP.

For a list of frequently asked questions, refer to the knowledge base article FAQ: SAML 2.0 federation in Identity Cloud.

Copyright © 2010-2024 ForgeRock, all rights reserved.