---
title: Federate identities
description: Federation in SAML 2.0 is a necessary step that provides a seamless SSO experience to users. Federation is the agreement between an identity provider (IdP) and one or more service providers (SPs) to use the same standard. This allows the IdP and SP to share information in a trusted manner within a circle of trust.
component: pingoneaic
page_id: pingoneaic:am-saml2:saml2-linking-accounts
canonical_url: https://docs.pingidentity.com/pingoneaic/am-saml2/saml2-linking-accounts.html
keywords: ["SAML 2.0", "Single Sign-on (SSO)", "Federation"]
page_aliases: ["saml2-guide:saml2-linking-accounts.adoc", "auto-federate-with-dynamic-creation.adoc"]
---

# Federate identities

Federation in SAML 2.0 is a necessary step that provides a seamless SSO experience to users. Federation is the agreement between an identity provider (IdP) and one or more service providers (SPs) to use the same standard. This allows the IdP and SP to share information in a trusted manner within a [circle of trust](saml2-providers-and-cots.html#create-cot).

Refer to the following table for a list of tasks to configure how Advanced Identity Cloud federates identities

| Task                                                                                                                                                                                                                                                                                                             | Resources                                                                                   |
| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- |
| **Decide whether to permanently link identities**Advanced Identity Cloud lets you choose whether to maintain the link between federated entities after logout (persistent federation) or to create a new link each time the user logs in (transient federation).Also, learn how to manage persistent federation. | [Choose persistent or transient federation](choose-persistent-or-transient-federation.html) |
| **Link identities automatically**Configure Advanced Identity Cloud to link identities automatically when they exist in both the IdP and the SP.                                                                                                                                                                  | [Link identities automatically with auto-federation](auto-federation.html)                  |
| **Link identities using the authentication service**Configure Advanced Identity Cloud to link identities when the `NameID` that the IdP provides is not enough to unequivocally identify the identity.                                                                                                           | [Link identities for authentication](linking-auth-tree.html)                                |
| **Link identities in the IdP to a single, shared account on the SP**Configure Advanced Identity Cloud to link an identity in the IdP temporarily. For example, to link the `anonymous` user in the SP.                                                                                                           | [Link identities to a single, shared account](auto-federate-using-anonymous.html)           |