You can synchronize organizations and accounts between Identity as a Service (IDaaS) and applications. For more information, see Synchronize accounts.
IDaaS allows you to synchronize all IDaaS accounts to an application at one time. IDaaS can also send notifications on incremental changes.
Go to the Provisioning tab, turn on Synchronize IDaaS Users on Application, and configure the Synchronization Scope parameter.
After you configure the Synchronization Scope parameter, the application can obtain the organization and account information of the specified IDaaS node.
Configure push parameters
Go to the Synchronize IDaaS Users on Application section.
IDaaS supports the following application synchronization modes:
Shortcut mode: The event callback mode defined by IDaaS. This mode is recommended for most applications.
System for Cross-domain Identity Management (SCIM) mode: This mode is suitable for applications that implement SCIM client capabilities. For more information, see Account Provisioning using SCIM.
Configure basic push parameters. The following table describes the parameters.
| Parameter | Description | Example |
| --- | --- | --- |
| Synchronization Scope | The organization that you want to synchronize. If you perform this operation by using API operations, you can synchronize only the data of the organization. | Alibaba Cloud IDaaS |
| Public Key Endpoint | The synchronization request contains a signature. The receiver must obtain the public key from IDaaS and use it to verify the signature of each synchronization request. | None |
| Outbound IP Address | Add the outbound IP address of IDaaS to the whitelist of the application to ensure that IDaaS requests can be received as expected. | None |
| URL for Receiving Synchronization Requests | The URL that is used to receive the synchronization request. The URL must follow the rules in the development guide and serves multiple purposes, including connection testing, receiving accounts, and receiving organizations. For more information, see Overview. | https://www.example.com/accounts/provision |
| Encryption | If you select this option, service data is encrypted by using a key and then transmitted. If you need to transmit data over the Internet, we recommend that you select this option to ensure secure data transmission. | The parameter is cleared. |
| Encryption Key | The key that is used to encrypt service data. The key can be generated by IDaaS or manually entered. | |
| Password Synchronization | If you select this option, plaintext passwords are passed in the data of a specific event. The following events are supported: If you also select Service Data Encryption (the Encryption option), passwords and service data are encrypted during transmission. | The parameter is cleared. |
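The table above describes what the receiving application must do with the Public Key Endpoint, Outbound IP Address, and URL for Receiving Synchronization Requests parameters, but not how to implement the receiver. The following Go program is an added example written for this page; it is not IDaaS code and does not use the IDaaS request format. It assumes an Ed25519 signature carried base64-encoded alongside the request body, a JSON body with an `eventType` field, and the event type names `test_connection`, `account.*` and `org.*`; the real signature scheme, header names and event names are defined in the IDaaS development guide and must be taken from there. The IP address 203.0.113.10 is a constructed placeholder for the IDaaS outbound IP shown in the console.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"strings"
)

// SyncEvent is an assumed request shape; the real IDaaS schema is in its development guide.
type SyncEvent struct {
	EventType string          `json:"eventType"`
	Data      json.RawMessage `json:"data"`
}

// Receiver holds the application-side state needed to validate synchronization requests.
type Receiver struct {
	AllowedIPs map[string]bool   // Outbound IP Address values from the console (allowlist)
	PublicKey  ed25519.PublicKey // fetched once from the Public Key Endpoint and cached
}

var (
	ErrSourceIP  = errors.New("source IP not on IDaaS outbound allowlist")
	ErrSignature = errors.New("signature verification failed")
)

// Verify enforces the two checks the console parameters describe: the request must
// come from an allowlisted IDaaS IP and must carry a valid signature over the body.
// Only a request that passes both is parsed.
func (r *Receiver) Verify(remoteAddr string, body []byte, sigB64 string) (*SyncEvent, error) {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // bare IP without port
	}
	if !r.AllowedIPs[host] {
		return nil, ErrSourceIP
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || !ed25519.Verify(r.PublicKey, body, sig) {
		return nil, ErrSignature // covers bad encoding, wrong key and tampered body
	}
	var ev SyncEvent
	if err := json.Unmarshal(body, &ev); err != nil {
		return nil, fmt.Errorf("malformed body: %w", err)
	}
	return &ev, nil
}

// Dispatch routes a verified event to the purpose the receiving URL serves:
// connectivity test, account events, or organization events (names are assumed).
func Dispatch(ev *SyncEvent) (string, error) {
	switch {
	case ev.EventType == "test_connection":
		return "connectivity ok", nil
	case strings.HasPrefix(ev.EventType, "account."):
		return "account event: " + ev.EventType, nil
	case strings.HasPrefix(ev.EventType, "org."):
		return "organization event: " + ev.EventType, nil
	default:
		return "", fmt.Errorf("unknown event type %q", ev.EventType)
	}
}

// signedRequest stands in for IDaaS: it signs the body with the private key
// that pairs with the key served at the Public Key Endpoint.
func signedRequest(priv ed25519.PrivateKey, body []byte) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, body))
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	rcv := &Receiver{AllowedIPs: map[string]bool{"203.0.113.10": true}, PublicKey: pub}
	// Constructed sample request, as IDaaS might send it after Synchronize is clicked.
	body := []byte(`{"eventType":"account.create","data":{"username":"alice"}}`)
	ev, err := rcv.Verify("203.0.113.10:44321", body, signedRequest(priv, body))
	if err != nil {
		panic(err)
	}
	out, _ := Dispatch(ev)
	fmt.Println(out)
	// A request from an address that is not on the allowlist is rejected before any parsing.
	_, err = rcv.Verify("198.51.100.7:1", body, signedRequest(priv, body))
	fmt.Println(err)
}
```

Two design points matter in practice. The IP check uses the TCP peer address; if the receiver sits behind a load balancer or reverse proxy, take the client address from a header that only your own proxy sets, otherwise the allowlist check is meaningless. The signature is verified over the raw body bytes before JSON decoding, so a tampered or unsigned request never reaches the account or organization handlers.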
After you configure push parameters, you can also subscribe to change events to receive push notifications when events occur.
IDaaS defines more than ten types of account and organization change events. The events are divided into incremental events and full change events. For more information, see Address book events.
After the configuration is complete, you can perform the following operations only if Synchronize IDaaS Users on Application is turned on.
Click Test Connectivity to check whether the connection is established, the network connection is stable, and the request can be processed as expected.
Click Synchronize to initiate full synchronization.
To receive the event requests sent from IDaaS, you must complete the development procedures in Overview.