How to Achieve SSO Between Applications using Different Connections

Problem statement

This article explains whether it is possible to create a seamless login between two applications using different connections via Account Linking.

Solution

The connection the user logged in with must be enabled for every application that should share SSO. Users cannot use SSO to log in to an application that would not allow their account to authenticate normally.

Consider a scenario where App1 has only a database connection enabled, App2 has only the passwordless connection enabled, and a user’s database account is linked with their passwordless account. This will not allow for SSO between App1 and App2.

Account linking allows the same user profile to be used for both the primary and secondary account(s), which keeps the profile consistent regardless of the connection type they use. However, users still need to log in with the account type that matches the application’s enabled connections to be allowed access and obtain tokens.

  • In other words, if a linked Database (primary) + Passwordless (secondary) account is set up, the user can log in to App1 with their Database credentials, but if the user tries to visit App2, it will prompt them to log in with the passwordless credentials and won’t accept the database-connection-based session.
  • When the user does log in to App2, they will be issued tokens with the user profile and metadata that is stored under the primary identity.
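
The rule described above can be modelled as a small check over a tenant's application-to-connection mapping. This is an added example, not Auth0 code or output of the Management API; the connection names `database` and `passwordless`, the `App3` entry, the data layout and the `no_access` outcome are constructed assumptions.

```python
from itertools import combinations

# Constructed sample tenant: connections enabled on each application.
APP_CONNECTIONS = {
    "App1": {"database"},
    "App2": {"passwordless"},
    "App3": {"database", "passwordless"},
}

# Constructed linked profile: primary identity plus linked secondary identities.
LINKED_USER = {"primary": "database", "secondary": ["passwordless"]}


def visit(session_connection, app, user, app_connections=APP_CONNECTIONS):
    """Model a user with an existing session opening `app`."""
    enabled = app_connections[app]
    if session_connection in enabled:
        # The connection behind the session is enabled here, so SSO applies.
        return {"result": "sso", "login_with": [], "profile_from": user["primary"]}
    # Linking does not carry the session over: the user must authenticate with
    # a linked identity whose connection this application has enabled.
    identities = [user["primary"], *user["secondary"]]
    usable = [c for c in identities if c in enabled]
    return {
        "result": "login_required" if usable else "no_access",
        "login_with": usable,
        # After login, tokens carry the profile stored under the primary identity.
        "profile_from": user["primary"] if usable else None,
    }


def sso_gaps(app_connections=APP_CONNECTIONS):
    """For each app pair, list connections whose sessions will not carry over."""
    gaps = {}
    for a, b in combinations(sorted(app_connections), 2):
        one_sided = app_connections[a] ^ app_connections[b]
        if one_sided:
            gaps[(a, b)] = sorted(one_sided)
    return gaps


if __name__ == "__main__":
    print(visit("database", "App2", LINKED_USER))
    for pair, conns in sso_gaps().items():
        print(pair, "no SSO for sessions from:", conns)
```

An empty result from `sso_gaps` means every application pair has identical enabled connections, so a session from any of them is accepted everywhere.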