Federated provisioning involves the setup of accounts, profiles, and/or access privileges for users, either ahead of or during the login process.

A federated login may be accompanied by a unique identifier that is provisioned locally ahead of time. Alternatively, local accounts may be associated with credentials that users may use to prove their identity and subsequently "link" their local account to a federated identity. This creates a session-based account association, which may then be turned into a link based on a unique federated identifier.

Still another alternative is a local account "activation" process based on knowledge-based authentication of the subject. The user may prove his or her identity either by matching local data to Attributes obtained during federated login or by being prompted directly for the information. Once activated, the user's account can be associated with a unique identifier as in the more direct linking approaches.
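
The activation path described above, sketched as an added example (not code from the original page or from any particular federation product). The account model, the attribute names `employee_number` and `date_of_birth`, and the one-identity-per-account rule are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class LocalAccount:
    username: str
    match_data: dict          # local data compared against asserted Attributes
    active: bool = False

@dataclass
class Directory:
    accounts: list
    links: dict = field(default_factory=dict)   # (issuer, federated_id) -> username

def _same(a, b):
    # Normalize, then compare in constant time so timing does not leak partial matches.
    norm = lambda v: str(v).strip().lower().encode()
    return hmac.compare_digest(norm(a), norm(b))

def resolve_login(directory, issuer, federated_id, attributes,
                  required=("employee_number", "date_of_birth")):
    """Return (username, outcome) for one federated login."""
    key = (issuer, federated_id)   # an identifier is only unique within its issuer
    if key in directory.links:
        return directory.links[key], "linked"
    # Activation: every required Attribute must be asserted and non-empty.
    if any(not attributes.get(name) for name in required):
        return None, "missing-attributes"
    # Assumption: a local account that already has a link is never re-linked here.
    taken = set(directory.links.values())
    matches = [a for a in directory.accounts if a.username not in taken
               and all(n in a.match_data and _same(a.match_data[n], attributes[n])
                       for n in required)]
    if len(matches) != 1:          # zero or ambiguous matches: refuse to activate
        return None, "no-unique-match"
    account = matches[0]
    account.active = True
    directory.links[key] = account.username   # later logins use the identifier only
    return account.username, "activated"

def sample_directory():
    # Constructed sample records, not real data.
    return Directory(accounts=[
        LocalAccount("asmith", {"employee_number": "10442", "date_of_birth": "1980-02-14"}),
        LocalAccount("bjones", {"employee_number": "10443", "date_of_birth": "1975-09-30"}),
    ])
```

Keying the link on the issuer together with the identifier keeps an identifier asserted by one identity provider from resolving to an account linked through another.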

  • Account Activation
  • Resource Invitation/Sharing
    • Email-based Invitation
    • Alternatives to Email?