When users sign in via The Identity Hub by using different account providers their accounts will (by default) get different identities as well.
This means that for an app to see that different accounts are one and the same user the different accounts of the user should be linked to one single identity.
After doing so, the app will get the same PPID no matter what account the user chooses to sign in with.
Linking of accounts is only possible for accounts related to account providers that have the setting 'Can be used to link with' enabled.
Account linking can be organized during the login process in 2 different ways:
- by configuring The Identity Hub to recognize the email address
- by enforcing a login via a Master Account Provider
Account linking can also be organized from within an app.
Account linking during authentication flow
Link accounts during authentication flow based on email address
At tenant level an administrator can configure that accounts can be linked based on email address.
To do so, see: Tenant Configuration Options - Security
Link accounts during authentication flow due to required Master Account Provider
As different account providers might provide in different claims about the user or have a different authentication strength, it might also be an option to set a specific account provider as Master Account Provider.
In this case a user will be forced to also sign in with this master account provider and both accounts will end up linked.
At account provider level an administrator can configure that another Account provider is mandatory.
To do so, see: Master Account Provider
Account linking from within an app
From within an app it is possible to present the user with a button to allow the user to link a new account to the current identity for a specific account provider.
See the usage of CanAddAnotherAccount and SignUrl in the returned Response for the Rest API - Identity Accounts
View accounts linked to an Identity as an Administrator
- Open the list of Identities within a tenant
- Search for the identity
- Select the identity
- Click Accounts in the left menu, below every account provider you can see if the identity has an associated account