There are two ways to link accounts: automatically, using AD context (which we recommend), or manually, by specifying which cloud domains map to which Kerberos realms.
Read about AD context auto mapping here.
Manual mapping links cloud and network accounts that share the same username by mapping Kerberos realms to cloud domains.
How to configure
Go to Settings -> Cognito SaaS -> Account Association.
Even if a cloud domain has the same name as a Kerberos realm, you still need to map the two together explicitly.
Network accounts are discovered in Detect by analyzing the client field of Kerberos transaction logs (these can be inspected in Recall).
The format in Kerberos is primary/instance@realm:
Primary: If the principal represents a user, the primary is that user's username. For a host, the primary is the literal string "host".
Instance: The instance can be used to further qualify the primary, for example, firstname.lastname@example.org.
Realm: This is your Kerberos realm, which is usually a domain name in upper-case letters. For example, the machine foo.abc.com is in the ABC.COM Kerberos realm.
Accounts are represented in Detect as "primary@realm", which closely resembles an email address.
O365 accounts are linked by the UserPrincipalName in Azure AD.
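The following added example (not Vectra's code) shows the mapping described above end to end: it parses the client principal out of a few constructed Kerberos transaction-log lines, reduces each user principal to the Detect-style "primary@realm" form, drops host principals, and resolves the cloud UserPrincipalName through a manual realm-to-domain map. The log-line format, the realm map and the lower-casing of the resulting UPN are assumptions for illustration.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed manual map, standing in for the Account Association settings.
# An identically named realm/domain pair still needs its own entry.
REALM_TO_CLOUD_DOMAIN: Dict[str, str] = {
    "ABC.COM": "abc.com",
    "CORP.EXAMPLE.ORG": "example.org",
}

# Kerberos principal format: primary[/instance]@realm
PRINCIPAL_RE = re.compile(r"^(?P<primary>[^/@]+)(?:/(?P<instance>[^@]+))?@(?P<realm>[^@]+)$")

def parse_principal(client: str) -> Optional[Tuple[str, Optional[str], str]]:
    """Split a principal into (primary, instance, realm); realm is upper-cased."""
    m = PRINCIPAL_RE.match(client.strip())
    if not m:
        return None
    return m.group("primary"), m.group("instance"), m.group("realm").upper()

def network_account(client: str) -> Optional[str]:
    """Detect-style 'primary@realm' for user principals; None for host principals."""
    parsed = parse_principal(client)
    if parsed is None or parsed[0].lower() == "host":
        return None
    primary, _instance, realm = parsed
    return f"{primary}@{realm}"

def linked_cloud_upn(client: str, mapping: Dict[str, str] = REALM_TO_CLOUD_DOMAIN) -> Optional[str]:
    """Resolve the cloud UPN via the realm map; None if unmapped or a host principal."""
    parsed = parse_principal(client)
    if parsed is None or parsed[0].lower() == "host":
        return None
    domain = mapping.get(parsed[2])
    if domain is None:
        return None
    return f"{parsed[0]}@{domain}".lower()  # assumption: UPNs compared case-insensitively

# Constructed transaction-log lines; only the client field matters here.
KERBEROS_LOG = [
    "client=jdoe@ABC.COM service=krbtgt/ABC.COM",
    "client=host/ws01.abc.com@ABC.COM service=cifs/fs01.abc.com",
    "client=asmith/admin@CORP.EXAMPLE.ORG service=krbtgt/CORP.EXAMPLE.ORG",
    "client=bob@UNMAPPED.LOCAL service=krbtgt/UNMAPPED.LOCAL",
]

def link_log(lines, mapping: Dict[str, str] = REALM_TO_CLOUD_DOMAIN) -> Dict[str, Optional[str]]:
    """Map each user network account in the log to its linked cloud UPN (or None)."""
    links: Dict[str, Optional[str]] = {}
    for line in lines:
        m = re.search(r"client=(\S+)", line)
        acct = network_account(m.group(1)) if m else None
        if acct is not None:
            links[acct] = linked_cloud_upn(m.group(1), mapping)
    return links
```

An account whose realm has no map entry stays unlinked (None), which is the case to look for when a user's cloud activity does not appear alongside their network activity.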