Account linking

When users sign in via The Identity Hub by using different account providers their accounts will (by default) get different identities as well.
This means that for an app to see that different accounts are one and the same user the different accounts of the user should be linked to one single identity.
After doing so, the app will get the same PPID no matter what account the user chooses to sign in with.

Linking of accounts is only possible for accounts related to account providers that have the setting 'Can be used to link with' enabled.

Account linking can be organized during the login process in 2 different ways:

1. by configuring The Identity Hub to recognize the email address
2. by enforcing a login via a Master Account Provider

Account linking can also be organized from within an app.

Account linking during authentication flow

Link accounts during authentication flow based on email address

At tenant level an administrator can configure that accounts can be linked based on email address.
To do so, see: Tenant Configuration Options - Security

Link accounts during authentication flow due to required Master Account Provider

As different account providers might provide in different claims about the user or have a different authentication strength, it might also be an option to set a specific account provider as Master Account Provider.
In this case a user will be forced to also sign in with this master account provider and both accounts will end up linked.

At account provider level an administrator can configure that another Account provider is mandatory.
To do so, see: Master Account Provider

Account linking from within an app

From within an app it is possible to present the user with a button to allow the user to link a new account to the current identity for a specific account provider.

See the usage of CanAddAnotherAccount and SignUrl in the returned Response for the Rest API - Identity Accounts

View accounts linked to an Identity as an Administrator

1. Open the list of Identities within a tenant
2. Search for the identity
3. Select the identity
4. Click Accounts in the left menu, below every account provider you can see if the identity has an associated account

Related

Activate an Account Provider Master Account Provider Tenant Configuration Options - Security