This topic describes the features provided by Alibaba Cloud Identity as a Service (IDaaS). The features include unified accounts across applications, centralized application management, unified authentication, unified authorization, and log auditing.

Features and their descriptions:

Unified account
  With a unified account, an employee can log on to multiple application systems instead of maintaining different logon accounts for different applications.

  These logon accounts are associated with the unified account to facilitate centralized lifecycle management of employee account information. A unified account provides the following features:

  • The directory of user information in the enterprise architecture
  • Account information synchronization
  • Account information lifecycle management

Unified authentication
  Collects multiple authentication factors and issues encrypted identity credentials to the servers of different applications for unified authentication and single sign-on.

  • Supports external authentication sources such as LDAP, WeChat, and DingTalk.
  • Provides MFA and supports mainstream authentication methods, such as account and password authentication, account and SM2-encrypted password authentication, SMS verification code, OTP code, voiceprint, fingerprint, facial recognition, and certificate authentication.

Centralized authorization
  Implements centralized management over the roles that are used to access an application. You can create a role for an account, a group, or an organization unit, and assign to the role permissions on specific application resources such as menus, buttons, and backend data. In this way, IDaaS ensures fine-grained permission management and prevents unauthorized operations.

Application
  Provides centralized management over accounts and their permissions to access applications in the private and public clouds of enterprises, mobile applications, and IoT devices.

Audit
  Audits user operations to support the efficient use of enterprise resources.