Associating User Accounts
The WSO2 Identity Server enables users to merge multiple accounts and switch between accounts after logging in to a merged account. It also enables you to connect your federated user credentials with your WSO2 Identity Server account. This topic provides instructions on how to achieve this.
You can merge multiple user accounts and switch between them by following one of the two approaches listed below.
Using the AdminService
The first approach is to use the AdminService. You can access this admin service using the following URL: 'https://<HOST_NAME>:9443/services/UserAccountAssociationService?wsdl'. If you are new to admin services, see Calling Admin Services.
The following actions can be performed using the above admin service.
- Create a new user account association
- Delete an existing user account association
- Get all associated user accounts of the logged in user
- Switch between associated user accounts without re-authenticating with the system
Using the dashboard
The WSO2 Identity Server end user dashboard can be used to associate the accounts. You can associate a local user account or a federated user account:
Managing local user IDs
- Go to the dashboard URL: https://localhost:9443/dashboard/
- Log in using your username and password.
- Click the View details button that corresponds to the Associated User Accounts gadget.
- You can see all associated accounts of the user that you logged in as. This table includes the user ID and identity provider of all the associated user accounts of the user.
- You can initiate a new user account association by clicking the Add Association button under Associated Accounts.
- Select Local as the Account Type, and enter the username and password of the user account that you want to connect to.
Click Associate to associate this user account. If it is authentic, WSO2 Identity Server authenticates the user account and saves that user account as an association to the user account of the logged in user.
- You can delete this user account association by clicking Remove in the Associated Accounts list.
- You can also switch between associated user accounts without having to re-authenticate the user account with the Identity Server. In the user dashboard UI, the associated user accounts appear under the dropdown list at the top right corner of your screen. You can switch between accounts by selecting the required user account from the dropdown. Note that the session key does not change during this operation.
Managing federated user IDs
Note
Associating user accounts of federated users via the dashboard is enabled by default. To disable it, edit the <IS_HOME>/repository/conf/identity/identity.xml file and change the EnableFederatedUserAssociation parameter under the Server tag to false.
Tip
The recommended approach is to have the EnableFederatedUserAssociation parameter set to false so that manual federated user association is not allowed by default via the dashboard.
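A configuration check for the setting described in the note and tip above, as an added example that is not part of the WSO2 documentation or product code: it parses identity.xml and reports a finding unless EnableFederatedUserAssociation is explicitly false. The sample documents and their namespace are constructed, and the element is assumed to be a direct child of Server, as the note describes.

```python
import sys
import xml.etree.ElementTree as ET

PARAM = "EnableFederatedUserAssociation"

# Constructed sample documents (not copied from a real deployment).
SAMPLE_DISABLED = (
    '<Server xmlns="urn:example:constructed">'
    "<EnableFederatedUserAssociation> false </EnableFederatedUserAssociation>"
    "</Server>"
)
SAMPLE_ENABLED = SAMPLE_DISABLED.replace(" false ", "true")
SAMPLE_COMMENTED_OUT = (
    '<Server xmlns="urn:example:constructed">'
    "<!-- <EnableFederatedUserAssociation>false</EnableFederatedUserAssociation> -->"
    "</Server>"
)

def local_name(tag):
    """Drop an XML namespace prefix: '{uri}Server' -> 'Server'."""
    return tag.rsplit("}", 1)[-1]

def audit_identity_xml(xml_text):
    """Return (status, detail); status is 'ok' only for an explicit false."""
    root = ET.fromstring(xml_text)
    if local_name(root.tag) != "Server":
        return ("finding", "root element is not Server")
    # Assumption: the parameter is a direct child of Server. Comments are
    # dropped by the parser, so a commented-out element counts as absent.
    values = [(child.text or "").strip().lower()
              for child in root if local_name(child.tag) == PARAM]
    if not values:
        return ("finding", PARAM + " is not set, so the enabled default applies")
    if len(values) > 1:
        return ("finding", PARAM + " is declared more than once")
    if values[0] == "false":
        return ("ok", PARAM + " is false")
    return ("finding", PARAM + " is '" + values[0] + "', expected false")

if __name__ == "__main__":
    # Pass the path to identity.xml, or run with no arguments for the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            print(audit_identity_xml(handle.read()))
    else:
        for sample in (SAMPLE_DISABLED, SAMPLE_ENABLED, SAMPLE_COMMENTED_OUT):
            print(audit_identity_xml(sample))
```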
To use this feature, apply the 5908 WUM update for WSO2 Identity Server 5.6.0 using the WSO2 Update Manager (WUM). To deploy a WUM update into production, you need to have a paid subscription. If you do not have a paid subscription, you can use this feature with the next version of WSO2 Identity Server when it is released. For more information on updating WSO2 Identity Server using WUM, see Getting Started with WUM.
You can connect your federated user IDs with your WSO2 Identity Server account from the end user dashboard. To set this up, do the following.
Note
You need to set up an Identity Provider before continuing this process. For more information on how to do this, see Adding and Configuring an Identity Provider.
- Go to the dashboard URL: https://localhost:9443/dashboard/
- Log in using your username and password.
- Click the View details button that corresponds to the Associated User Accounts gadget.
- You can see all associated accounts of the user that you logged in as. This table includes the user ID and identity provider of all the associated user accounts of the user.
- You can initiate a new user account association by clicking the Add Association button under Associated Accounts.
- Select Federated as the Account Type from the dropdown provided, and enter the username and password.
Click Associate to connect this user account to the WSO2 Identity Server account of the logged in user.
- You can delete this user account association by clicking Remove on the Associated Accounts list.