This document describes how to implement single sign-on (SSO) to IDaaS applications in WeCom Workbench, including creating applications in IDaaS, creating applications and configuring the homepage address in WeCom, and verifying SSO.
Prerequisites
Before starting the configuration, ensure that you have completed the following preparations:
You have activated Alibaba Cloud IDaaS EIAM Service.
You have a WeCom account with administrator permissions.
The target application supports integration through the SAML 2.0 or OAuth 2.0 protocol.
Procedure
Step 1: Create an application in IDaaS
This topic uses Alibaba Cloud SASE as an example.
Log on to the IDaaS console, select the corresponding IDaaS instance, and click Manage in the Operation column.
Select , search for Alibaba Cloud SASE application and click Add Application.
Obtain the ID from the General tab. This ID will be used to construct the homepage URL for WeCom single sign-on.
Click the tab.
SSO: Ensure that single sign-on is in the Enabled status.
Select site: China site.
User: Prioritize application account, then IDaaS username.
Authorize: Select accessible to all members.
Application Settings: Download the IdP metadata and upload it as the SASE "SAML Metadata Configuration File" to complete the SSO configuration.
After completing the configuration, click the Save button. For more information, see Alibaba Cloud SASE SSO.
Step 2: Create an application in the WeCom admin console
Log on to the WeCom admin console, and create a self-built enterprise application in .
Fill in the application information.
Application Logo: Upload an application logo. We recommend using a 750×750 jpg or png image under 1MB.
Application Name: Enter the name to be displayed for the application on the platform.
Application Description: Briefly describe the function and purpose of the application.
Visibility: Select the departments or members who can use this application.
After completing the form, click the Create Application button to submit.
Set the application homepage address on the application details page.
Click Settings to navigate to the Set Workbench Application Homepage page.
Select the Web option, and click Configure Mobile And Desktop Separately.
Enter the mobile and desktop URLs. Both need to be constructed with the application address in the following format:
https://{IDaaS User Portal Address}/login/go/{IDaaS Application ID}
# Example: https://of5*****.aliyunidaas.com/login/go/app_nbryes3eewn***************
For information about how to obtain the IDaaS user portal address, see IDaaS Portal Access Methods.
For information about how to obtain the IDaaS application ID, see Step 1: Obtain the Application ID.
Select the option to always enter the homepage in the WeChat plugin. When selected, members will always enter the enterprise-configured homepage when clicking the application in WeChat. After completing the configuration, click OK.
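The homepage URL format from Step 2, as an added example that is not part of the original documentation or Alibaba Cloud's own code: a Python helper that builds the URL and checks an already configured one before it is pasted into WeCom. The host name and application ID are constructed sample values, and the ID pattern (app_ followed by letters and digits) is an assumption inferred from the masked example above.

```python
import re
from urllib.parse import urlsplit

# Assumption: application IDs are "app_" followed by letters and digits,
# inferred from the masked example on this page.
APP_ID = r"app_[A-Za-z0-9]+"


def build_homepage_url(portal_address: str, app_id: str) -> str:
    """Return https://{portal}/login/go/{app_id}; raise ValueError on bad input."""
    portal = portal_address.strip()
    if "://" not in portal:
        portal = "https://" + portal  # accept a bare host name
    parts = urlsplit(portal)
    if parts.scheme != "https":
        raise ValueError("portal address must use https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("portal address must not contain credentials")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("portal address must be a host name only")
    if not parts.hostname:
        raise ValueError("portal address has no host name")
    if not re.fullmatch(APP_ID, app_id):
        raise ValueError("application ID has an unexpected format")
    host = parts.hostname if parts.port is None else f"{parts.hostname}:{parts.port}"
    return f"https://{host}/login/go/{app_id}"


def parse_homepage_url(url: str) -> tuple:
    """Split a configured homepage URL into (host, app_id) or raise ValueError."""
    parts = urlsplit(url.strip())
    match = re.fullmatch(rf"/login/go/({APP_ID})", parts.path)
    if parts.scheme != "https" or not parts.hostname or match is None:
        raise ValueError("not an IDaaS /login/go/ homepage URL over https")
    if parts.query or parts.fragment:
        raise ValueError("homepage URL must not carry a query or fragment")
    return parts.hostname, match.group(1)


if __name__ == "__main__":
    # Constructed sample values, not a real tenant or application.
    mobile = build_homepage_url("idaas-portal.example.com", "app_exampleid123")
    desktop = build_homepage_url("https://IDaaS-Portal.example.com/", "app_exampleid123")
    # Mobile and desktop entries should resolve to the same portal and application.
    assert parse_homepage_url(mobile) == parse_homepage_url(desktop)
    print(mobile)
```

Running parse_homepage_url over both the mobile and the desktop value before saving catches a pasted http:// link or a mismatched application ID.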
Step 3: Verify SSO
Click the created application in the WeCom Workbench.
If the login is successful, you will directly enter the target application interface without needing to enter your username and password again.