Creating an Identity Store for Account Linking

When you define an identity provider partner record, the service provider requires local user accounts to be mapped so that it can enforce its access control model. Mapping SAML user accounts from the identity provider (IdP) to local user accounts at the service provider is known as account linking. In this case, external user accounts that are authenticated by the identity provider need to be mapped to generic local user accounts that have permission to access resources.

To create an identity store for account linking:

  1. In the Launch Pad tab, under Federation, click Service Provider Management.
  2. In the Service Provider Administration tab, click Create Identity Provider Partner and then complete the following:
    1. In the Name field, enter a name (for example, FederationStore) for the identity provider partner.
    2. In the User Identity Store menu, under User Mapping, select the name of the identity store that you used to configure SSO.
    3. In the relevant fields, enter the information that you recorded from the identity store earlier.
    4. Click Apply.
  3. (Optional) Enable automatic user provisioning for the local identity store used by service providers by completing the tasks in Enabling Automatic User Provisioning for the Local Identity Store used by Service Providers.

Related Topics

Configuring Oracle Access Manager for Federated Identity Using SAML 2.0

Enabling Automatic User Provisioning for the Local Identity Store used by Service Providers

Enabling Identity Federation

Creating an Identity Provider Partner

Exporting SAML 2.0 Service Provider Metadata

Creating a SAML Authentication Policy

Assigning an Authentication Policy to Application Resources

Copyright © 1999, 2024

Last Published Thursday, February 29, 2024