Identity as a Service: Synchronize accounts and organizations

Last Updated: Dec 22, 2023


Identity as a Service (IDaaS) can be used as a trusted source of identity information to distribute data to stakeholders. IDaaS can also link accounts and organizations across different systems.

IDaaS allows you to synchronize data in two directions:

  • Inbound: Data is synchronized from stakeholders to IDaaS.

  • Outbound: Data is synchronized from IDaaS to stakeholders.

The two-way data synchronization feature allows you to distribute data changes made in Active Directory (AD) or DingTalk to all stakeholders through IDaaS.

Inbound synchronization

The following table describes the inbound synchronization methods that are supported by IDaaS.

| Inbound synchronization method | Source | Description |
| --- | --- | --- |
| Synchronization from identity providers (IdPs) | IdPs | IDaaS supports data synchronization from AD and OpenLDAP. IDaaS does not support data synchronization from other IdPs such as Lark. |
| Synchronization by using Developer API operations | Applications | IDaaS provides Developer API operations to facilitate the integration with custom applications. For more information, see List of operations by function. |
| Synchronization by using OpenAPI operations | Multiple types of sources | IDaaS provides OpenAPI operations that can be used by developers to import multiple accounts at a time. For more information, see List of operations by function. |
| Synchronization based on the System for Cross-domain Identity Management (SCIM) protocol (coming soon) | Applications | Some international applications support the SCIM protocol. |
| Synchronization by using lazy loading (coming soon) | Multiple types of sources | If lazy loading or Just-in-Time (JIT) Provisioning is used, each account is synchronized to IDaaS the first time the account is used to log on to IDaaS. |

Outbound synchronization

The following table describes the outbound synchronization methods that are supported by IDaaS.

| Outbound synchronization method | Destination | Description |
| --- | --- | --- |
| Synchronization to IdPs | IdPs | IDaaS does not support data synchronization to other IdPs such as AD, OpenLDAP, WeCom, and Lark. |
| Data push to applications by IDaaS | Applications | IDaaS can push data to applications in a fixed format. • IDaaS can push data to applications by using event callbacks. For more information, see Provision Accounts - IDaaS Event Callback. • IDaaS can push data to applications over the SCIM protocol. For more information, see Account Provisioning using SCIM. • Some applications in the market provide fixed API operations for synchronization. The API operations will be pre-integrated with IDaaS for quick configuration and easy use. |
| Data fetch from IDaaS by applications | Applications | The current version of IDaaS supports this synchronization method. Applications can call Developer API operations to obtain account and organization information of multiple accounts at a time for synchronization. For more information, see List of operations by function. |
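
An application that accepts the SCIM push listed in the outbound table has to authenticate the caller, validate the resource, and refuse to create an account twice when a push is replayed. The following is an added example, not IDaaS code and not part of the original page: `create_user`, the in-memory `store`, and the token values are hypothetical, and only the schema URNs and HTTP status codes are taken from RFC 7643 and RFC 7644.

```python
import hmac
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"    # RFC 7643 core User
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"  # RFC 7644 error message


def scim_error(status, detail):
    """Build an RFC 7644 style error response."""
    return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}


def create_user(auth_header, raw_body, store, expected_token):
    """Process the body of a SCIM POST /Users push; returns (HTTP status, response dict).

    store is a hypothetical in-memory map: lowercased userName -> local account record.
    """
    # Authenticate the pusher before parsing anything; compare in constant time.
    scheme, _, token = (auth_header or "").partition(" ")
    if scheme.lower() != "bearer" or not hmac.compare_digest(
            token.encode(), expected_token.encode()):
        return scim_error(401, "invalid bearer token")
    try:
        user = json.loads(raw_body)
    except (ValueError, TypeError):
        return scim_error(400, "body is not valid JSON")
    schemas = user.get("schemas") if isinstance(user, dict) else None
    if not isinstance(schemas, list) or USER_SCHEMA not in schemas:
        return scim_error(400, "missing core User schema")
    name = user.get("userName")
    if not isinstance(name, str) or not name.strip():
        return scim_error(400, "userName is required")
    key = name.strip().lower()  # userName is case-insensitive in RFC 7643
    if key in store:            # a replayed push must not create a second account
        return scim_error(409, "userName already exists")
    record = {
        "id": str(len(store) + 1),             # identifier assigned by this application
        "externalId": user.get("externalId"),  # identifier assigned by the pushing side
        "userName": name.strip(),
        "active": bool(user.get("active", True)),
    }
    store[key] = record
    return 201, {"schemas": [USER_SCHEMA], **record}


if __name__ == "__main__":
    accounts = {}
    pushed = ('{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],'
              ' "userName": "alice", "externalId": "u-001"}')  # constructed sample push
    print(create_user("Bearer demo-token", pushed, accounts, "demo-token"))  # created
    print(create_user("Bearer demo-token", pushed, accounts, "demo-token"))  # replay
```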