
Identity as a Service: Synchronize accounts - IDaaS event callback

Last Updated: Mar 17, 2025

You can synchronize organizations and accounts between Identity as a Service (IDaaS) and applications. For more information, see Synchronize accounts.

IDaaS allows you to synchronize all IDaaS accounts to an application at one time. IDaaS can also send notifications on incremental changes.


Go to the Provisioning tab, turn on Synchronize IDaaS Users on Application, and configure the Synchronization Scope parameter.

After you configure the Synchronization Scope parameter, the application can obtain the organization and account information of the specified IDaaS node.

Configure push parameters

Go to the Synchronize IDaaS Users on Application section.

IDaaS supports the following application synchronization modes:

  • Shortcut mode: The event callback mode defined by IDaaS. This mode is recommended for most applications.

  • System for Cross-domain Identity Management (SCIM) mode: This mode is suitable for applications that implement SCIM client capabilities. For more information, see Account Provisioning using SCIM.

[Figure: Push configuration]

Configure basic push parameters. The following table describes the parameters.

| Parameter | Description | Example |
| --- | --- | --- |
| Synchronization Scope | The organization that you want to synchronize. If you perform this operation by using API operations, you can synchronize only the data of the organization. | Alibaba Cloud IDaaS |
| Public Key Endpoint | The synchronization request contains a signature. The receiver must obtain the public key from IDaaS and verify the synchronization request. | None |
| Outbound IP Address | Add the outbound IP address of IDaaS to the whitelist of the application to ensure that IDaaS requests can be received as expected. | None |
| URL for Receiving Synchronization Requests | The URL that is used to receive the synchronization request. The URL must follow the rules in the development guide and serve multiple purposes including connection testing, receiving accounts, and receiving organizations. For more information, see Overview. | https://www.example.com/accounts/provision |
| Encryption | If you select this option, service data is encrypted by using a key and then transmitted. If you need to transmit data over the Internet, we recommend that you select this option to ensure secure data transmission. | The parameter is cleared. |
| Encryption Key | The key that is used to encrypt service data. The key can be generated by IDaaS or manually entered. | 2fdc67ca538cc9500bcad6518390feb937b58e9102b00bffb30a292112fdf626 |
| Password Synchronization | If you select this option, plaintext passwords are passed in the data of a specific event. The following events are supported: Create User; Change Account Password (change or reset password). If you select Service Data Encryption at the same time, passwords and service data are encrypted during transmission. | The parameter is cleared. |

After you configure push parameters, you can also subscribe to change events to receive push notifications when events occur.


IDaaS defines more than ten types of account and organization change events. The events are divided into incremental events and full change events. For more information, see Address book events.

After the configuration is complete, you can perform the following operations only if Synchronize IDaaS Users on Application is turned on.

  • Click Test Connectivity to check whether the connection is established, the network connection is stable, and the request can be processed as expected.

  • Click Synchronize to initiate full synchronization.


To receive the event requests sent from IDaaS, you must complete the development procedures in Overview.