How to automatically link secondary accounts

Ashley Grant

Secondary Accounts generally exist to be linked with primary user accounts in the Realm user directory. You can link these using manual processes or automated processes.

The following article details how you can perform automatic linking of accounts.

 

Linking Users using Account Templates

To use Automatic Account Linking, it is necessary to configure Account Templates.

This page can be accessed from Secondary Accounts->Account Templates. Select the Create option to begin the process.

 

The Create Account Template page is now displayed.

 

Select the Secondary Account Connector this template is to be used with and set a name. In this case, we're going to match user accounts based on matching usernames.

 

Now select the Linking tab and set the Auto-Link option to ON. Additional options are now presented to the user. Username Expression is automatically filled with the value principal.getPrincipalName(); this expression looks for accounts whose username has the same value as the user's principal name. This is the value we want here.

For other Username Expressions, see the appendix below.

 

 

Finally, go to Assignment and assign this template to the appropriate users, groups, or roles that should have access to it. We're assigning it to Everyone. Now select the Save option.

 

The Account Template will now be created and listed. 

 

Now go back to the Connectors tab and select the Manage Accounts option. If the automatic account linking process has run, you should see all of the links that have been processed.

Note: The account linking process runs on a schedule, so you will need to wait for up to 15 minutes for the account link to happen, or you can run the Account Linking job directly from the jobs page.

 

Appendix: Username Expressions

A username expression is built from information we can pull from the primary account, which is then matched against a username on the secondary.

As mentioned above, the default expression will match the username exactly. For any other combinations, we need to use different attributes.

For example, it's possible to refer to AD user attributes directly, which we then combine to match the username on the Secondary.

 

Example 1, Secondary username is the same as the email address on the primary AD account:

Expression: mail;

 

Example 2, Secondary username is firstname.secondname, primary is an AD account:

Expression: givenName + '.' + sn; 

 

Example 3, Secondary username is firstname initial concatenated with the surname and ending with a domain name, primary is an AD account:

Expression: givenName.substring(0,1) + sn + '@logonbox.com';
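
Before setting Auto-Link to ON, it can help to dry-run a Username Expression against an export of primary users and secondary usernames, to see which links would be made and whether two primary users resolve to the same secondary account. The following is an added example, not LogonBox code: it assumes the expression can be evaluated as JavaScript with the AD attributes in scope and that matching is exact, the function names are hypothetical, and the sample data is constructed.

```javascript
// Dry-run of an Auto-Link Username Expression against constructed sample data.
// Assumption: the expression evaluates as JavaScript with the AD attributes
// in scope; this is not LogonBox's own evaluator.
function evalExpression(expr, user) {
  const names = Object.keys(user.attrs);
  const body = 'return (' + expr.trim().replace(/;\s*$/, '') + ');';
  const fn = new Function('principal', ...names, body);
  const principal = { getPrincipalName: () => user.principalName };
  return fn(principal, ...names.map((n) => user.attrs[n]));
}

function dryRunLinks(expr, primaries, secondaryUsernames) {
  const secondary = new Set(secondaryUsernames);
  const claims = new Map(); // secondary username -> primaries that resolve to it
  const report = { linked: {}, unmatched: [], ambiguous: {}, errors: {} };
  for (const user of primaries) {
    let target;
    try {
      target = evalExpression(expr, user);
    } catch (e) {
      report.errors[user.principalName] = e.message; // e.g. misspelled method
      continue;
    }
    if (typeof target !== 'string' || !secondary.has(target)) {
      report.unmatched.push(user.principalName);
      continue;
    }
    claims.set(target, [...(claims.get(target) || []), user.principalName]);
  }
  for (const [target, owners] of claims) {
    if (owners.length === 1) report.linked[owners[0]] = target;
    else report.ambiguous[target] = owners; // review by hand before linking
  }
  return report;
}

// Constructed sample data (not from a real directory).
const PRIMARIES = [
  { principalName: 'jsmith', attrs: { givenName: 'John', sn: 'Smith', mail: 'john.smith@example.com' } },
  { principalName: 'jasmith', attrs: { givenName: 'Jane', sn: 'Smith', mail: 'jane.smith@example.com' } },
  { principalName: 'bjones', attrs: { givenName: 'Bob', sn: 'Jones', mail: 'bob.jones@example.com' } },
];
const SECONDARY = ['John.Smith', 'JSmith@logonbox.com', 'bob.jones@example.com', 'jsmith'];

console.log(dryRunLinks("givenName.substring(0,1) + sn + '@logonbox.com';", PRIMARIES, SECONDARY));
```

With this sample data the Example 3 expression resolves both John Smith and Jane Smith to JSmith@logonbox.com, so that account is reported as ambiguous rather than linked.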