This topic decribes the features provided by Alibaba Cloud Identity as a Service (IDaaS). The features include unified accounts across applications, centralized application management, unified authentication, unified authorization, and log auditing.
|Unified account||With a unified account, an employee can log on to multiple application systems instead
of maintaining different logon accounts for different applications.
These logon accounts are associated with the unified account to facilitate centralized lifecycle management of employee account information. A unified account provides the following features:
|Unified authentication||Collects multiple authentication factors and issues encrypted identity credentials
to the servers of different applications for unified authentication and single sign-on.
|Centralized authorization||Implements centralized management over the roles that are used to access an application. You can create a role for an account, a group, and an organization unit, and assign to the role permissions on specific application resources such as menus, buttons, and backend data. In this way, IDaaS ensures fine-grained permission management and prevents unauthorized operations.|
|Application||Provides centralized management over accounts and their permissions to access applications in the private and public clouds of enterprises, mobile applications, and IoT devices.|
|Audit||Audits user operations to facilitate the usage efficiency of enterprise resources.|