PingOne Advanced Identity Cloud

Federate identities

Federation in SAML 2.0 is a necessary step that provides a seamless SSO experience to users. Federation is the agreement between an identity provider (IdP) and one or more service providers (SPs) to use the same standard. This allows the IdP and SP to share information in a trusted manner within a circle of trust.

Refer to the following table for a list of tasks to configure how Advanced Identity Cloud federates identities

Task Resources

Decide whether to permanently link identities

Advanced Identity Cloud lets you choose whether to maintain the link between federated entities after logout (persistent federation) or to create a new link each time the user logs in (transient federation).

Also, learn how to manage persistent federation.

Link identities automatically

Configure Advanced Identity Cloud to link identities automatically when they exist in both the IdP and the SP.

Link identities using the authentication service

Configure Advanced Identity Cloud to link identities when the NameID that the IdP provides is not enough to unequivocally identify the identity.

Link identities in the IdP to a single, shared account on the SP

Configure Advanced Identity Cloud to link an identity in the IdP temporarily. For example, to link the anonymous user in the SP.

For a list of frequently asked questions, refer to the knowledge base article FAQ: SAML 2.0 federation in Advanced Identity Cloud.