Identity mapping is at the core of identity federation. One of the primary goals of SAML is to provide a way for an identity provider (IdP) to send a secure token, called the assertion, containing user-identity information that a service provider (SP) translates or maps to local user stores.
For browser-based single sign-on (SSO), PingFederate enables two modes of identity mapping between domains: account linking and account mapping.
For WS-Trust security token service (STS), PingFederate uses account mapping.
See subsequent topics for more information about these identity mapping options.