1. If there are two service systems with the same account name, how will they be provisioned to the IDaaS console? How will the accounts be provisioned to the IDaaS console if a user has account names in two service systems?

The accounts of a service system carry a unique ID when they are provisioned to the IDaaS console. The IDaaS console determines whether it is the same account based on the unique ID. If the two IDs are the same, IDaaS will associate the two accounts. If the two IDs are different, IDaaS will create another account.

IDaaS provides user accounts and application accounts and retains their association relations. Two application accounts can be mapped to a single user account with the same attributes.

Note The unique ID is generally the email address or mobile phone number bound to an account.

2. What methods can be used to provision accounts? What are the differences between these methods?

IDaaS supports the following two methods to provision accounts:

  • Service systems can use SCIM-based APIs provided by IDaaS to provision accounts to the IDaaS console.
  • The IDaaS console can use APIs provided by the SP to provision APIs created in IDaaS to the SP.

The two methods differ in which side receives the transferred accounts and which side provides APIs.

Note APIs must be developed based on the SCIM protocol.