Hi Philip,
If you have sufficient confidence, then you can link user accounts programatically - i.e. without the additional authentication/UI steps - via use of the Management API (see Auth0 Management API v2 for more details). You can do this from a post_login Action (Login Flow), or from a Rule if you’re more familiar with legacy extensibility. And you will want to investigate using the variant of the POST where an API v2 Management API token containing the update:users scope is used.
Hope this helps 