Each application has some general configurations and feature-specific configurations. You can manage general configurations of applications on the General tab.
To access the General tab, click Applications in the menu, find the application that you want to manage, and then click Manage.
In the current version of Identity as a Service (IDaaS), administrators can enable or disable API operations and rotate secrets.
IDaaS provides a variety of API operations for each application. You can enable some API operations for an application so that the application can call these API operations to implement certain features. The following API operations are provided:
API operations for single sign-on (SSO) based on OpenID Connect (OIDC)
API operations for account synchronization
API operations for permission management (
An application must exchange its client_id and client_secret configured on the General tab for an access_token to call these API operations.
The client_id starts with "app_" and is about 26 characters in length. By default, the client_id is the same as the application ID. A client_secret is a random string that starts with
CS and is between 44 and 46 characters in length.
In the current version of IDaaS, administrators can enable or disable API operations and rotate secrets.
You can customize the interval of secret rotation for each application.
To make secret rotation easier, IDaaS allows you to configure at most two client_secrets for an application and enable at least one client_secret.
During the rotation period, you can keep both of the client_secrets enabled. After you confirm that the old client_secret is no longer needed, you can delete the old client_secret.
To ensure security, we recommend that you rotate secrets every three months or according to specific compliance requirements. The following steps show you how to rotate secrets:
Create a new client_secret.
Replace the old client_secret with the new one.
Disable the old client_secret. When you disable a client_secret, you will be prompted the last time when this client_secret was used. After you confirm that the client_secret is no longer used, you can disable it.
Verify whether the running of the application is affected.
After you confirm that the running of the application is not affected, you can delete the old client_secret.
The ID of the application. The application ID is for reference only and cannot be changed.
The template used to create the application. The source cannot be changed.
Valid values: Template Application, Standard Protocol, and Custom Applications.
The display name of the application.
The icon of the application. The icon file must be in the PNG or JPG format and cannot exceed 1 MB in size. We recommend that you set the pixel aspect ratio to 256*256.