Account linking and registration
17.7.3.6. Account linking and registration flow configuration

The instruction-lists in this chapter apply to the Loginapp REST API only.

Procedure-related prerequisites

  • You need to be logged in to the Airlock IAM Adminapp and be able to access the Config Editor.
  • Airlock IAM must already be configured as OAuth 2.0 oder OIDC client.
  • Account Linking and Registration
  • 1.
    Go to:
    Loginapp >> OAuth Loginapp2.0/OIDC Clients
  • 2.
    Select the desired OAuth 2.0 or OIDC client settings plugin from the AS Setting For Clients list.
  • 3.
    Go to section:
    Account Linking and Registration
  • 4.
    Account Linking Self-Service configure this plugin if users are allowed to add this remote authorization server with a self-service flow.
  • 5.
    Missing Account Link Red Flag if this plugin is configured, a Red Flag will automatically be raised during the OAuth 2.0 SSO Step in the authentication flow, if the account link is missing. The Red Flag can then be used to start a subflow to locally authenticate the user and add an account link.
    If the authentication flow does not support account linking or if account linking fails, then the authentication will also fail.
  • 6.
    Enable Account Linking: enable this option, if users have both a local account and accounts with the remote authorization servers. If this option is enabled, the Account Link Database Repository plugin must be configured.
    Disable this option and use a persistency-less flow if users do not have local accounts.
  • 7.
    Auto-link IAM Account Based on Context Data Field configure this plugin, to automatically determine account links based on matching a remote attribute with a local context data item.
  • 8.
    Automated Account Registration configure this plugin if Airlock IAM should create a local account automatically during Account Linking. If this option is enabled, the Account Link Database Repository plugin must be configured.
    Combined with Auto-link IAM Account Based on Context Data Field this plugin will only register a new account if the automated link failed.
    This plugin cannot be combined with Missing Account Link Red Flag.
  • Airlock IAM now supports linking accounts from the remote authorization server with the desired options.

Further information and Links