Link Identities
Last updated
Last updated
For a user to request access to a resource in another application, sometimes an identity in this external application is required. For example, if you have a resource which controls access for your Github User to a Github Team, then Abbey needs a mechanism to link a user's central account (often their Abbey account, which is often email) to an identifier in the downstream system.
For example:
Github has
AWS Identity Center has an
etc
We call this process linking.
Linking an application identity is the process by which we associate the application's identity with your Abbey user. Once identity data has been linked for an external application, Abbey can use this identity data in its grant kits.
Below is an example of linking Github data into Abbey:
This links the Abbey user with Github, and lets Abbey know that the Github username for the Abbey user is "Alice". Now we can refer to this in a grant kit output block using the user object as follows:
Now when this grant kit is applied, Alice will become part of the eng_team Github team. Note that Github specific application information is found in user.github and a field named username contains the Github username you linked earlier.
By default Abbey provides access to your Abbey email in the user object as user.email for use in Grant Kits and policies. If the resource you're controlling access to only requires the email you signed up for Abbey with, then you don't need to link any application identity data!
Abbey supports linking data from any external application! Abbey does however have first-class support for a set of applications which require linking application data in a specific way.
For more info about linking from first-class supported Abbey applications or just more information about Linking Application Identity Data in general, read Linking Application Identities into Abbey.