With Mapped Federation, users need to exist in both the identity provider and the service provider. As with transient federation, a metadata exchange contract is defined between the identity provider and the service provider. Mapped Federation additionally requires attributes that uniquely identify the user. This may be a UID (e.g. email address) that links the authenticated user's IdP Identity in the identity provider to their Local Identity in the service provider.


The user record can be mastered externally while access to a limited number of resources is still controlled (e.g. a seat-based licensing model).
The model is suitable for splitting authentication from authorisation in legacy applications.

Mapped Federation often needs a joiners and leavers process, such as Just In Time User Provisioning or SCIM.
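The sketch below is an added example, not code from this page or from any product. It shows a service provider mapping an IdP Identity to a Local Identity by UID, with Just In Time provisioning, a seat limit and a leaver step. The class, field and assertion key names are hypothetical, and the assertion is assumed to have been signature-checked against the exchanged metadata already.

```python
from dataclasses import dataclass, field

class AccessDenied(Exception):
    """The federated identity could not be mapped to a usable Local Identity."""

@dataclass
class ServiceProvider:
    trusted_issuer: str   # IdP entity ID agreed in the metadata exchange
    seat_limit: int       # seat-based licence: cap on active Local Identities
    jit: bool = True      # Just In Time provisioning on first login
    users: dict = field(default_factory=dict)  # (issuer, uid) -> local record

    def active_seats(self) -> int:
        return sum(1 for u in self.users.values() if u["active"])

    def map_identity(self, assertion: dict) -> dict:
        """Map an assertion (assumed already signature-checked) to a Local Identity."""
        issuer = assertion.get("issuer")
        if issuer != self.trusted_issuer:
            raise AccessDenied("issuer is not the federated identity provider")
        uid = (assertion.get("uid") or "").strip().lower()  # normalise the mapping key
        if not uid:
            raise AccessDenied("assertion carries no mapping attribute")
        key = (issuer, uid)  # scoped to the issuer, never the bare email
        user = self.users.get(key)
        if user is None:  # joiner
            if not self.jit:
                raise AccessDenied("no Local Identity for this user")
            if self.active_seats() >= self.seat_limit:
                raise AccessDenied("seat limit reached")
            # Authorisation stays local: roles are not read from the assertion.
            user = self.users[key] = {"uid": uid, "active": True, "roles": ["viewer"]}
        if not user["active"]:
            raise AccessDenied("Local Identity has been deprovisioned")
        return user

    def deprovision(self, uid: str) -> None:
        """Leaver: disable the Local Identity, which frees its seat."""
        self.users[(self.trusted_issuer, uid.lower())]["active"] = False

def demo() -> list:
    # Constructed sample data: the issuer URL and addresses are placeholders.
    sp = ServiceProvider("https://idp.example.com", seat_limit=1)
    out = [sp.map_identity({"issuer": sp.trusted_issuer, "uid": "Alice@example.com"})["uid"]]
    try:  # a second joiner exceeds the single licensed seat
        sp.map_identity({"issuer": sp.trusted_issuer, "uid": "bob@example.com"})
    except AccessDenied as exc:
        out.append(str(exc))
    return out
```

Keying the local record on the issuer and UID pair means an assertion from a different identity provider cannot claim an existing Local Identity by reusing the same email address.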