Account linking

Account linking is a feature configured in the OAuth/OIDC client settings. It allows the user to log in with credentials valid at a remote authorization server.

Airlock IAM supports multiple different use cases:

  • Authentication with remote credentials only.
  • Authentication with both remote and local credentials.
  • Authentication with and without a persisted local user account.
  • Automated and manual registration of an account and account links.
  • End-user self-services to manage account links.
  • Management in the Adminapp.

If the feature is enabled, the corresponding OAuth Client can only be used by linked IAM accounts as it involves loading the IAM account (and therefore requires a User Data Store in the Loginapp).

Hence, if the feature is enabled, the corresponding OAuth Client cannot be used by users without an IAM account. For such users, an IAM account can be registered automatically with the social registration feature (Automated Account Registration).

Auto-linking existing IAM accounts

Existing Airlock IAM accounts can have a globally unique attribute that can be used to automatically link a provider's account. To use this feature, the property Auto-link IAM Account Based on Context Data Field has to be set.

For security reasons, this feature should only be enabled for globally unique attributes previously verified by the IAM registration process (e.g. Self Reg) and the provider's registration process.
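
The decision logic implied by this recommendation, as an added example (not Airlock IAM code or configuration). It assumes the context data field is an e-mail address and that the provider sends the standard OIDC `email_verified` claim; `LocalAccount`, `auto_link_candidate` and the sample accounts are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class LocalAccount:
    """Hypothetical stand-in for a local IAM account record."""
    username: str
    email: str
    email_verified: bool  # set by the local registration process


def auto_link_candidate(claims: dict,
                        accounts: List[LocalAccount]) -> Optional[LocalAccount]:
    """Return the one local account that may be auto-linked, else None.

    None means: do not auto-link, fall back to manual linking or registration.
    """
    email = claims.get("email")
    # The provider must state that it verified the attribute itself.
    # Only a boolean True counts; a missing claim or a string is rejected.
    if not isinstance(email, str) or claims.get("email_verified") is not True:
        return None
    needle = email.strip().casefold()
    matches = [a for a in accounts if a.email.strip().casefold() == needle]
    # The attribute must be globally unique: no match or several matches
    # means the link target is ambiguous, so nothing is linked.
    if len(matches) != 1:
        return None
    # The local registration process must have verified the attribute too.
    return matches[0] if matches[0].email_verified else None


# Constructed sample data
ACCOUNTS = [
    LocalAccount("alice", "alice@example.com", True),
    LocalAccount("bob", "bob@example.com", False),       # not verified locally
    LocalAccount("carol", "shared@example.com", True),   # duplicate attribute
    LocalAccount("dave", "Shared@example.com", True),    # duplicate attribute
]
```

Each rejected case corresponds to one condition in the recommendation: the attribute is not verified by the provider, not verified locally, or not unique across accounts.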