This topic describes how to use RAM and IDaaS together in daily use and demonstrates how RAM can benefit from IDaaS.
During digital transformation, many enterprises gradually migrate their applications to the cloud and use RAM to manage Alibaba Cloud resources. Employees will need to repeated log on to RAM and other application systems, leading to a lot of repetitive work. Employees will also need several pairs of accounts and passwords. Account lifecycle management is implemented separately in each system. RAM also maintains a separate set of groups and users. These issues pose great challenges to employees, administrators, and enterprise managers.
In response to the preceding issues, IDaaS provides a complete solution to integrate RAM scenarios such as account management, authentication management, permission management, logon audit. This improves the work efficiency of employees, reduces enterprise management costs, and saves human resources.
- RAM user based single sign-on
IDaaS calls the RAM single sign-on operation to associate RAM users. IDaaS associates its accounts with RAM users for single sign-on.
- RAM role based single sign-on
IDaaS calls the RAM single sign-on operation to associate RAM roles. IDaaS associates its accounts with RAM roles preset in the RAM console for single sign-on.
- Provision AD or LDAP user data to RAM
Generally, AD or LDAP user data cannot be pulled by RAM or pushed to RAM. IDaaS can pull AD or LDAP user data and then call the RAM data provisioning operation to provision accounts from IDaaS to RAM.
- Use AD or DingTalk accounts to scan the QR code to log on to RAM
IDaaS supports various authentication sources. For example, you can use an AD account to log on to RAM after passing IDaaS authentication.
- Audit RAM access logs
RAM does not record user logon behaviors. Administrators cannot query which users log on to RAM during a certain time period. This brings great management risks. IDaaS can be used with RAM to audit RAM access behaviors and provide information such as the users, IP addresses, and time periods that RAM was accessed.