
Identity as a Service: Synchronize accounts - IDaaS event callback

Last Updated: Mar 31, 2026

IDaaS can push account and organization changes to your application in real time, keeping your app's user directory in sync without polling. To receive these push notifications, configure a receiving endpoint in your application and register it with IDaaS.

For an overview of account synchronization options, see Synchronize accounts.


Prerequisites

Before you begin, ensure that you have:

  • Navigated to the Provisioning tab and turned on Synchronize IDaaS Users on Application

  • Configured the Synchronization Scope parameter to specify which IDaaS organization node to synchronize

Choose a synchronization mode

IDaaS supports two application synchronization modes:

  • Shortcut mode — IDaaS's native event callback mode. This is the recommended approach for most applications.

  • SCIM mode — System for Cross-domain Identity Management (SCIM). Use this mode if your application already implements a SCIM client. For details, see Account Provisioning using SCIM.

The rest of this topic covers shortcut mode configuration.

Configure push parameters

In the Synchronize IDaaS Users on Application section, configure the following parameters.

Push configuration
| Parameter | Description | Example |
| --- | --- | --- |
| Synchronization scope | The organization node to synchronize. When using API operations, only organization-level data can be synchronized. | Alibaba Cloud IDaaS |
| Public Key Endpoint | IDaaS signs each synchronization request. Your application must retrieve the public key from this endpoint and verify the signature on every incoming request. | |
| Outbound IP Address | Add these IP addresses to your application's allowlist so that IDaaS requests are not blocked. | |
| URL for Receiving Synchronization Requests | The endpoint URL in your application that receives sync requests. This single URL handles connection testing, account events, and organization events. For the required request and response format, see Overview. | https://www.example.com/accounts/provision |
| Encryption | Encrypts service data with a key before transmission. Enable this when syncing over the public internet. | Disabled |
| Encryption Key | The key used to encrypt service data. Generate one through IDaaS or enter your own. | 2fdc67ca538cc9500bcad6518390feb937b58e9102b00bffb30a292112fdf626 |
| Password Synchronization | Passes plaintext passwords in the event payload for Create User and Change Account Password (change or reset password) events. When used together with Encryption, passwords are encrypted during transmission. | Disabled |
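
An added example, not code from IDaaS or this page: a receiver-side check that rejects any synchronization request whose signature does not verify against a key published at the Public Key Endpoint. It assumes the request carries an RS256-signed compact JWS and that the endpoint returns a JWK Set, neither of which this page specifies (confirm the wire format in Overview); the function names, the `kid` value and the event fields are constructed for illustration.

```javascript
// Added example. Assumption: RS256 compact JWS + JWK Set (not stated on this page).
const nodeCrypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (text) => Buffer.from(text, 'base64url');

// Returns the decoded event payload, or throws. The payload is decoded only
// after the signature over "header.payload" has verified.
function verifySyncRequest(jws, jwks) {
  const parts = String(jws).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64u(h).toString('utf8'));
  // Pin the algorithm instead of trusting the header (rejects "none" and HMAC swaps).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) throw new Error('unknown key id');
  const key = nodeCrypto.createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' });
  if (!nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, fromB64u(s))) {
    throw new Error('bad signature');
  }
  return JSON.parse(fromB64u(p).toString('utf8'));
}

// Fail closed: the handler acts only on requests where accepted === true.
function check(jws, jwks) {
  try {
    return { accepted: true, event: verifySyncRequest(jws, jwks) };
  } catch (err) {
    return { accepted: false, reason: err.message };
  }
}

// Constructed sample: a locally generated key pair stands in for the IDaaS
// signing key, and `sign` plays the sender so the check can run offline.
function makeSample() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'sample-key-1' }] };
  const sign = (header, payload) => {
    const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
    return `${input}.${b64u(nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
  };
  return { jwks, sign };
}

const demo = makeSample();
const demoJws = demo.sign({ alg: 'RS256', kid: 'sample-key-1' }, { eventType: 'sample.user.create', user: 'alice' });
const [demoHeader, , demoSig] = demoJws.split('.');
console.log(check(demoJws, demo.jwks)); // signed payload is accepted
console.log(check(`${demoHeader}.${b64u('{"user":"mallory"}')}.${demoSig}`, demo.jwks)); // altered payload is rejected
```

In a real receiver, cache the key set fetched from the Public Key Endpoint and treat the Outbound IP Address allowlist as an additional layer, not a substitute for this check.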

Subscribe to events

After configuring push parameters, select which change events your application should receive.


IDaaS defines more than ten account and organization change event types, divided into incremental events and full change events. For the complete event catalog, see Address book events.

Test and activate

These operations are available only when Synchronize IDaaS Users on Application is turned on.

  • Test Connectivity — Sends a test request to your endpoint to verify that the network connection is reachable and that your endpoint can process requests correctly.

  • Synchronize — Triggers a full synchronization.

What's next

To implement the receiving endpoint in your application, follow the development guide in Overview.