Use cases

To perform account linking with OAuth and Google Sign-In, follow these general steps: First, ask the user to give consent to access their Google profile. Use the information in their profile to check if the user account exists. For existing users, link the accounts. If you can't find a match for the Google user in your authentication system, validate the ID token received from Google. You can then create a user based on the profile information contained in the ID token.

After you have verified the token, check if the user is already in your user database. If so, establish an authenticated session for the user. If the user isn't yet in your user database, create a new user record from the information in the ID token payload, and establish a session for the user. You can prompt the user for any additional profile information you require when you detect a newly created user in your app.

Users can use multiple Identity Providers to sign in, and Okta can link all of those profiles to a single Okta user. This is called account linking. For example, a user signs in to your app using a different Identity Provider than they used for registration. Account linking can then establish that the user owns both identities. This allows the user to sign in from either account.

When a user signs in, you can link the user’s Facebook account to an existing Okta user profile or choose to create a new user profile using Just-In-Time (JIT) provisioning.