All Products
Document Center

Identity as a Service:Provision Accounts - IDaaS Event Callback

Last Updated:Jun 16, 2023

You can synchronize organizations and accounts between IDaaS and applications. For more information, see Provision accounts and organizations.

IDaaS allows you to synchronize all IDaaS accounts to an application at one time. IDaaS can also send notifications on incremental changes.


Go to the Provisioning tab, turn on Synchronize IDaaS Users on Application, and configure the Synchronization Scope parameter.

After you set the synchronization scope, the application can obtain the organization and account information of the specified IDaaS node.

Configure push settings

Go to the Provisioning tab in application.


Configure basic push parameters. The following table describes the parameters.




Synchronization Scope

The organization that you want to synchronize. If you perform this operation by using API operations, you can synchronize only the data of the organization.

Alibaba Cloud IDaaS

Public Key Endpoint

The synchronization request contains a signature. The receiver needs to obtain the public key from IDaaS and verify the synchronization request.


Outbound IP Address

Add the outbound IP address of IDaaS to the whitelist of your application to ensure that IDaaS requests can be received as expected.

URL for Receiving Synchronization Requests

The URL that is used to receive the synchronization request.

This URL must follow the rules in the development guide and serve multiple purposes including connection testing, receiving accounts, and receiving organizations. For more information, see Push accounts from IDaaS in Development Guide.


If you select this option, service data is encrypted by using a key and then transmitted. When data needs to be transmitted over the Internet, we recommend that you select this option to ensure secure data transmission.

The parameter is cleared.

Encryption Key

The key that is used to encrypt service data.

The key can be generated by IDaaS or entered manually.


Password Synchronization

If you select this option, plaintext passwords are passed in the data for a specific event. The events are:

  • Create User

  • Change Account Password (change or reset password)

If you select Service Data Encryption at the same time, passwords and service data are encrypted during transmission.

The parameter is cleared.

After you configure push settings, you can also subscribe to change events to receive push notifications when events occur.


IDaaS defines more than ten types of account and organization change events. The events are divided into incremental events and full change events. For more information, see Contacts events.

After the configuration is complete, you can perform the following operations when Synchronize IDaaS Users on Application is turned on.

  • Click Test Connectivity to verify that the connection is correct, the network access is stable, and the request can be processed as expected.

  • Click Synchronize to initiate full synchronization.


To receive the event requests sent from IDaaS, you must complete the development procedures in Account synchronization overview.