Federate identities

Federation in SAML 2.0 is a necessary step that provides a seamless SSO experience to users. Federation is the agreement between an Identity provider (IDP) and one or more Service providers (SPs) to use the same standard. This allows the IDP and SP to share information in a trusted manner within a circle of trust.

Refer to the following table for a list of tasks to configure how Identity Cloud federates identities

Task Resources

Task	Resources
Decide whether to permanently link identities Identity Cloud lets you choose whether to maintain the link between federated entities after logout (persistent federation) or to create a new link each time the user logs in (transient federation). Also, learn how to manage persistent federation.	Choose persistent or transient federation
Link identities automatically Configure Identity Cloud to link identities automatically when they exist in both the IDP and the SP, or to create an account on the SP when the `NameID` that the IDP provides unequivocally identifies the identity.	Link identities automatically with auto-federation Create identities automatically with auto-federation
Link identities using the authentication service Configure Identity Cloud to link identities when the `NameID` that the IDP provides is not enough to unequivocally identify the identity.	Link identities for authentication
Link identities in the IDP to a single, shared account on the SP Configure Identity Cloud to link an identity in the IDP temporarily. For example, to link the `anonymous` user in the SP.	Link identities to a single, shared account

Decide whether to permanently link identities

Identity Cloud lets you choose whether to maintain the link between federated entities after logout (persistent federation) or to create a new link each time the user logs in (transient federation).

Also, learn how to manage persistent federation.

Choose persistent or transient federation

Link identities automatically

Configure Identity Cloud to link identities automatically when they exist in both the IDP and the SP, or to create an account on the SP when the NameID that the IDP provides unequivocally identifies the identity.

Link identities using the authentication service

Configure Identity Cloud to link identities when the NameID that the IDP provides is not enough to unequivocally identify the identity.

Link identities for authentication

Link identities in the IDP to a single, shared account on the SP

Configure Identity Cloud to link an identity in the IDP temporarily. For example, to link the anonymous user in the SP.

Link identities to a single, shared account