Account Linking

The act of associating or connecting one user account with another. In order for account linking to take place:

  1. The Curity Authentication Server must be configured to allow linking between certain types of authentication methods (i.e., two “domain”). Refer to the Account Linking.
  2. The user must prove they control both accounts by logging in with both. For this to work, the first account must be saved in a SSO Session.
Authentication Providers
The services that verify the digital identity of someone or something given a shared secret or credential that is only known by or in the possession of that principal.
Authentication Service
The Authentication profile of the Curity Identity Server. Responsible for all authentication tasks.
The Authentication Server verify user identities against multiple Authentication Providers; it does this using plug-in components called Authenticators. These Authenticators are responsible for validating credentials. The Authentication Service provides the logic for determining which Authenticators should be presented to a user, collecting the credentials required to verify their identity, and integrate with other services in the Curity Identity Server.
Authorization Server (AS)
An OAuth 2.0 Token server. It is the issuing entity of OAuth tokens, and is considered to be a Secure Token Service (STS).
Identity Management System (IMS)
The system that provides and manages digital identities, commonly abbreviated IMS.
Multi-Factor Authentication (MFA)
An authentication concept where the user is required to authenticate with more than one factor. A factor can be something you know (a password), something you have (a phone or a key fob) or something you are (a fingerprint). Combining these provides a higher level of assurance that the user account has not been compromised.
A standard for issuing tokens granting access to resources. See RFC 6749.
OpenID Connect (OIDC)
A standard for issuing Authentication statements cross domains.
OpenID Connect Provider (OP)
The issuing party in the OpenID Connect standard.
A functionality in Curity Identity Server. Provides the end functionality of the server.
Security Token Service (STS)
Token issuing party in OAuth and WS-Trust. All clients in the system trust the STS and retrieve tokens from the STS to trade for data or services at various endpoints in the system.
Single Page Application (SPA)
A browser based application that requires no state in the web server. Typically this application never switches page, but only loads and unloads components in the same DOM. Common frameworks are Angular.js, Ember.js and Backbone.js.
Single Sign-on (SSO)
The act of logging in on one page in one domain, and then being logged in when visiting another page in another domain.
SSO Session
The cookie and state that maintains information about the authentications still active.