Account Linking
How does account linking work?
The account linking works as an interceptor. In order to enable the account linking feature, user can access the interceptor tab at the application connection or the identify provider connection and do following steps:
To do the account credentials verification, there are 2 implementations ready which can be selected on "Interceptor's dependency type" dropdownlist:
Choose: "Account Linking" at the dropdownlist of the "interceptor type name".
Enable the "Interceptor" login flow.
- A stub implementation for testing - choose: "Test Dummy User Verification"
- A real implementation for the sample application - choose: "Form Based Account Identity Verification"
Depending on the selection at the "Interceptor's dependency type", it will show all the default required settings as following.
Required setting for both selections
- externalUserNameClaimType: specifies the claim type storing external user name. This claim type must exist on Identify tenant.
Required settings for sample application selection
- destination: url of the login form of the external service.
- usernamekey: is to specify the id of the user name element on the destination login form.
- passwordkey: is to specify the id of the password element on the destination login form
Beside of the default required settings, each interceptor's dependency type would need some other settings. These settings could be added with prefix as "param".
Here is the sample for "Form Based Account Identity Verification":
To be noticed:
If the logged in user already has value on the claim specified on the above setting "externalUserNameClaimType", this user will be treated as a linked account. Hence, the interceptor will not be executed and the login flow will be performed as-is.
How does "Test Dummy User Verification" work?
The stub credentials validator works with following scenario:
Valid case
To simulate valid case, enter "valid" for user name, the interceptor will do following steps
- Update Identify user's claim which is defined on setting "externalUserNameClaimType" to "valid"
- This interceptor behavior is done and the login flow will be continued as is.
Max attempt exceeded case
To simulate max attempt exceeded case, enter "max" for user name, the interceptor will show error message as on the following image
Invalid case
To simulate invalid case, enter "invalid" for user name, the interceptor will show error message as on the following image
How does "Form Based Account Identity Verification" work?
There are 4 required default settings for "Form Based Account Identity Verification" dependency type. In addition, if the login form requires extra hard-coded parameters, these elements would be added as many as wished, in which their key must have "param" prefix as mentioned on the above section.
Technically, when this interceptor is executed, it will post username, password, and additional parameters to the destination url. After that, depending on response status received from external service, this interceptor will show different message to user as following cases.
Response code 200
Interceptor will do following steps.
Update Identify user's claim. In which the external service's account name will be updated to user's claim which is defined on setting "externalUserNameClaimType"
This interceptor behavior is done and the login flow will be continued as is.
Response code 401
Interceptor will show Invalid message received from external service. An example is as on following image
Response code 429
Interceptor will show MaxAttemptExceeded message received from external service. An example is as on following image
Other response codes
Interceptor will show Invalid message received from external service. An example is as on following image
How to check user's claims contact?
If the logged in user doesn't have any account, he might click on "I DON'T HAVE ANOTHER ACCOUNT". It will redirect user to a new page showing all of his/her claims and administrator's contact. He/she might need to get more details from administrator later then.
