oCIS needs to be able to identify users. Without a non reassignable and persistent account ID share metadata cannot be reliably persisted. accounts allows exchanging oidc claims for a uuid. Using a uuid allows users to change the login, mail or even openid connect provider without breaking any persisted metadata that might have been attached to it.

  • persists accounts
  • uses graph api properties
  • ldap can be synced using the onpremise* attributes

Table of Contents