Identity mapping

Identity mapping is at the core of identity federation. One of the primary goals of SAML is to provide a way for an identity provider (IdP) to send a secure token, called the assertion, containing user-identity information that a service provider (SP) translates or maps to local user stores.

For browser-based single sign-on (SSO), PingFederate enables two modes of identity mapping between domains: account linking and account mapping.

For WS-Trust security token service (STS), PingFederate uses account mapping.

See subsequent topics for more information about these identity mapping options.

Supported standards

PingFederate Server

Identity mapping

Related links