Master Account Provider

In The Identity Hub you can configure that a user needs to authenticate with a specific Account Provider before authentication succeeds.

Example Use Case

As an example use case consider the following:

  • A user can authenticate using the Facebook Account Provider.
  • A user can authenticate using a Smart Card.
  • You want to allow a user to authenticate with Facebook for convenience but require that the user links a Smart Card account to the Facebook account.

This can be achieved using Master Account Provider configuration.

Note

When the Master Account Provider is a Smart Card or any Account Provider (e.g. SAML-P Account Provider, WS-Federation Account Provider...) where information can only be obtained during the authentication flow, you will need to configure the Max-Age to prevent the user having to reconfirm (authenticate) the Smart Card account each time he authenticates using another account provider.

Authentication flow when a Master Account Provider is configured

The authentication flow is as follows

New user

  1. User authenticates using an Account Provider.
  2. After authentication the user is redirected to a page where he needs to authenticate with one of the configured Master Account Providers.
  3. After authentication with the Master Account Provider the user is asked to confirm he wants to link the Master Account Provider.
  4. Upon confirmation the user is authenticated and can continue.

New user authenticates with the Master Account Provider

  1. When the user authenticates using a Master Account Provider, the user does not have to perform any extra steps.

Existing user

When an existing user authenticates using an Account Provider that has been configured with a Master Account Provider since the last authentication:

  1. User authenticates using an Account Provider.
  2. After authentication the user is redirected to a page where he needs to authenticate with one of the configured Master Account Providers.
  3. After authentication with the Master Account Provider the user is asked to confirm he wants to link the Master Account Provider.
  4. Upon confirmation the user is authenticated and can continue.

Configure a Master Account Provider

  1. Navigate to the Account Providers Admin Page (https://www.theidentityhub.com/{tenant}/Admin/AccountProvider) of your Tenant and click Edit on the Account Provider. If you don't have a Tenant yet, you can register one for free.
  2. In the Master Account Providers list, check one or more Account Providers.
  3. Click Save.

Amazon Account Provider
Activate an Account Provider
Built-in Username and Password Account Provider
Custom Account Providers
Facebook Account Provider
GitHub Account Provider
Google Account Provider
Instagram Account Provider
LinkedIn Account Provider
Microsoft Account Provider
myID.be Account Provider
PayPal Account Provider
SAML-P Account Provider
StackExchange Account Provider
Twitter Account Provider
WS-Federation Account Provider