I have a user with verified e-mail abc@domain123.com in my application, logged in with passwordless. We are now enabling SSO for domain123, and I would like a seamless experience when abc@domain123.com signs in with SSO the first time (in other words, I don’t want to present the user with any account-linking GUI. It should “just” work). I’m aware that there are some potential security vulnerabilities when doing seamless account linking, but in this specific scenario it’s ok.
I have been in contact with Auth0 support, where we discussed doing this in a rule, and I’m about to start implementing that. But then I log in to Auth0 and discover we now have something called actions.
Rules, hooks and actions
So in other words, is account-linking something I should accomplish using an action instead? And in case the answer is yes, what flow should I pick? Would love some general feedback on this one.
update
I now have a working action that does the account linking. Works pretty good, so I will recommend using an action. Because of some logging limitations in Auth0 custom actions, I have decided to move the actual code to a server-function we host, and then let the action call this endpoint.
If requested, I can add specific code snippets, but the most important part is to use the mgmt API to link the users, and then return the “new” primary user like this:
```javascript
event.user = primaryUserAfterAccountLink;
return {
  user: primaryUserAfterAccountLink
};
```
cheers
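
The guard checks a hosted linking function could run before it calls the Management API, as an added example that is not the poster's code. `planAccountLink`, the sample users and the choice to keep the existing passwordless account as primary are assumptions; the request it builds targets the Management API v2 endpoint `POST /api/v2/users/{id}/identities`.

```javascript
// Added example. Decide whether a first-time SSO login may be linked silently,
// and build the Management API request if so. Nothing is sent over the network.
function planAccountLink(ssoUser, candidates, ssoDomain) {
  const email = String(ssoUser.email || "").toLowerCase();
  const domain = email.slice(email.lastIndexOf("@") + 1);
  // The SSO identity must carry a verified address in the SSO-enabled domain.
  if (ssoUser.email_verified !== true || !email.includes("@") ||
      domain !== ssoDomain.toLowerCase()) {
    return { link: false, reason: "sso identity not verified for domain" };
  }
  // Only other accounts with the same *verified* email are eligible.
  const matches = candidates.filter((u) =>
    u.user_id !== ssoUser.user_id &&
    u.email_verified === true &&
    String(u.email || "").toLowerCase() === email);
  if (matches.length === 0) return { link: false, reason: "no verified match" };
  // More than one match means we cannot know which account is the right one.
  if (matches.length > 1) return { link: false, reason: "ambiguous match" };
  const primary = matches[0];          // assumption: existing account stays primary
  const identity = ssoUser.identities[0];
  return {
    link: true,
    primaryUserId: primary.user_id,
    request: {
      method: "POST",
      path: `/api/v2/users/${encodeURIComponent(primary.user_id)}/identities`,
      body: { provider: identity.provider, user_id: String(identity.user_id) },
    },
  };
}

// Constructed sample data (not real accounts).
const passwordlessUser = {
  user_id: "email|abc123", email: "abc@domain123.com", email_verified: true,
  identities: [{ provider: "email", user_id: "abc123" }],
};
const ssoLogin = {
  user_id: "samlp|domain123-sso|abc@domain123.com",
  email: "ABC@domain123.com", email_verified: true,
  identities: [{ provider: "samlp", user_id: "domain123-sso|abc@domain123.com" }],
};
const plan = planAccountLink(ssoLogin, [passwordlessUser, ssoLogin], "domain123.com");
console.log(JSON.stringify(plan, null, 2));
```
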