I’m using 3 different IdPs (Facebook, Azure AD and Gmail).
It should be possible for users to log in using Facebook or Gmail without already having an account in Okta. Therefore JIT is activated in all three IdPs.
When a user logs in via Facebook, a user is created in Okta.
When the same user logs in via Azure AD, another user is created in Okta.
Is there any possibility to do account linking on these two generated users manually?
So that when a user logs in with Facebook or with Azure AD the user can access both APIs?
I have tested automatic account linking via email, but in our use case above we can’t do account linking via this attribute, because we don’t have the information, or the accounts already exist.
So that when a user logs in with Facebook or with Azure AD the user can access both APIs?
I am not sure I understand what is meant here. Do you mean if a single Okta account linked to both a Facebook and an Azure account logs in via Facebook, that would also automatically authenticate them against Azure? If so, that would not happen.
Users with @gmail are users from IdP Google. Users with myaaddomain are users from Azure AD. Users with oktauser are users created directly in Okta.
I want to link testuser1@gmail.com, which is already listed in users in Okta because IdP provider Google created them, with the user testuser1@myaaddomain.com, which also already exists in Okta.
After this linking, testuser1 should be able to get a token for AAD and Google no matter which login the user chooses.