Federation Manager Guide › Federation Manager Introduction › Federation in Your Enterprise › User Identification Across the Partnership

User Identification Across the Partnership

Business partners each have their own method of defining user identity in their respective user stores. How users are identified determines how one partner can map its users to the other partner.

Consider the following scenarios:

• The User ID is the same at each site's user store

  Account linking is the method of user identification.

• The User ID is unique at each site's user store

  Identity mapping is the method of user identification. At FinancePro, a customer is identified as JohnDoe, while at BankLtd this same customer is identified as DoeJ. The partners need to agree on a user attribute profile to use for identity mapping.

• The User ID does not exist at the relying party

  Account provisioning is the method for user identification. Provisioning an account can require creating a new account for a user or simply populating an existing user account with information in the SAML assertion.

The user identification decision determines what information is sent as the user identity in the assertion.