All Products
Search

This Product

    Identity as a Service:Synchronize accounts and organizations

    Document Center

    Identity as a Service:Synchronize accounts and organizations

    Last Updated:Dec 22, 2023

    image.png

    Identity as a Service (IDaaS) can be used as a trusted source of identity information to distribute data to stakeholders. IDaaS can also link accounts and organizations across different systems.

    IDaaS allows you to synchronize data in two directions:

    • Inbound: Data is synchronized from stakeholders to IDaaS.

    • Outbound: Data is synchronized from IDaaS to stakeholders.

    The two-way data synchronization feature of IDaaS allows you to distribute data changes in Active Directory (AD) or DingTalk to all stakeholders by using IDaaS.

    Inbound synchronization

    The following table describes the inbound synchronization methods that are supported by IDaaS.

    Inbound synchronization method

    Source

    Description

    Synchronization from identity providers (IdPs)

    IdPs

    IDaaS supports data synchronization from AD, OpenLDAP.

    IDaaS does not support data synchronization from other IdPs such as Lark.

    Synchronization by using Developer API operations

    Applications

    IDaaS provides Developer API operations to facilitate the integration with custom applications. For more information, see List of operations by function.

    Synchronization by using OpenAPI operations

    Multiple types of sources

    IDaaS provides OpenAPI operations that can be used by developers to import multiple accounts at a time. For more information, see List of operations by function.

    Synchronization based on the System for Cross-domain Identity Management (SCIM) protocol (coming soon)

    Applications

    Some international applications support the SCIM protocol.

    Synchronization by using lazy loading (coming soon)

    Multiple types of sources

    If lazy loading or Just-in-Time (JIT) Provisioning is used, each account is synchronized to IDaaS the first time the account is used to log on to IDaaS.

    Outbound synchronization

    The following table describes the outbound synchronization methods that are supported by IDaaS.

    Outbound synchronization method

    Destination

    Description

    Synchronization to IdPs

    IdPs

    IDaaS does not support data synchronization to other IdPs such as AD, OpenLDAP, WeCom, and Lark.

    Data push to applications by IDaaS

    Applications

    IDaaS can push data to applications in a fixed format.

    • IDaaS can push data to applications by using event callbacks. For more information, see Provision Accounts - IDaaS Event Callback.

    • IDaaS can push data to applications over the SCIM protocol. For more information, see Account Provisioning using SCIM.

    • Some applications in the market provide fixed API operations for synchronization. The API operations will be pre-integrated with IDaaS for quick configuration and easy use.

    Data fetch from IDaaS by applications

    Applications

    The current version of IDaaS supports this synchronization method. Applications can call Developer API operations to obtain account and organization information of multiple accounts at a time for synchronization. For more information, see List of operations by function.