When defining an identity provider partner record, the service provider requires local user accounts to be mapped for imposing its access control model. The process of mapping SAML user accounts from the IdP to the local user accounts at the service provider is known as account linking. In this case, external user accounts that are authenticated by the identity provider need to be mapped to generic local user accounts with permission to access resources.
To create an identity store for account linking:
- In the Launch Pad tab, under Configuration, click User Identity Stores.
- In the User Identity Stores tab, under OAM ID Stores, complete the following:
- Select the identity store that you use for SSO and then click Edit.
- For later use, record the values in the identity store fields.
Note: The name of the tab reflects the name of the identity store that you select.
- In the User Identity Stores tab, under OAM ID Stores, click Create.
- In the Create: User Identity Store tab, complete the following:
- In the Store Name field, enter a name for the identity store.
For example, FederationStore
- In the Login ID Attribute, under Users and Groups, enter the LDAP attribute which identifies a unique login ID for your users.
- In the relevant fields, enter the information that you recorded from the identity store earlier.
- Click Apply.
- In the Store Name field, enter a name for the identity store.
- (Optional) Enable automatic user provisioning for the local identity store used by service providers by completing the tasks in Enabling Automatic User Provisioning for the Local Identity Store used by Service Providers.