Employee Center - Secure Access Service Edge - Alibaba Cloud Documentation Center

The Employee Center shows your organization's structure and employee accounts synced from your identity source. For custom identity sources, you can also create departments and add users directly in SASE.

Prerequisites

Before you begin, ensure that you have:

An identity source created in SASE
Identity information synced from the third-party identity source (if applicable). For more information, see Identity synchronization.

Identity source types

The operations available in the Employee Center depend on your identity source type.

Operation	Custom identity source	Third-party identity source
View organization chart and users	Yes	Yes
Create departments	Yes	No
Add users	Yes	No
Edit all user fields	Yes	No
Edit Position and Employment Status	Yes	Yes
Delete users	Yes	No

For third-party identity sources, make user and department changes in the third-party console, then run an identity synchronization to update SASE.

Custom identity sources

Add departments and users

Log on to the Secure Access Service Edge console.
In the navigation pane on the left, choose Identity Authentication > Identity Access.
On the Employee Center tab, select a custom identity source from the drop-down list.

Click Create Department. In the dialog box, enter a Department Name and click OK. Repeat this step to create multiple departments.
Select the department to which you want to add users and click Add User.

In the Add User panel, configure the user information and click OK. To add multiple users at once, select Batch Import: click Download Import Template, enter the user information, and upload the file.

Important

Keep login credentials secure. When no password is configured, SASE emails the auto-generated credentials to the user after the user is added. These credentials are used to log on to the SASE App.

Field	Required	Description
Username	Yes	The user's login name for the SASE App
Password	No	If left blank, SASE auto-generates a password and sends it with the username to the user's email address
Department	Yes	The department the user belongs to
Position	No	The user's job title
Email Address	Yes	Used to receive login credentials when no password is set
Mobile Phone Number	No	The user's phone number
Employment Status	No	The user's current employment status
Account Expiration Time	No	When reached, the account status changes to Suspended automatically

Manage users

Select a department to view its users.

Each user has one of the following account statuses:

Status	Meaning
Pending Activation	The user has not logged on to the SASE App yet
Enabled	The user has successfully logged on to the SASE App
Suspended	The account is frozen. The user cannot log on, and any active sessions are terminated

An account moves to Suspended automatically when its Account Expiration Time is reached.

In the Actions column, select an operation:
- Details: View the user's full profile. From the details panel:
  - For Enabled or Pending Activation accounts: click Disable Account to freeze the account and terminate any active sessions.
  - For Suspended accounts: click Enable Account to restore access.
- Edit: Modify the user's information in the Edit User panel and click OK.
- Delete: Click Delete, then click OK to confirm.
Important
After a user is deleted, the user can no longer log on to the SASE App. Proceed with caution.

Third-party identity sources

After syncing a third-party identity source, the Employee Center displays the organization chart and employee information from that source.

Log on to the Secure Access Service Edge console.
In the navigation pane on the left, choose Identity Authentication > Identity Access.
On the Employee Center tab, select a third-party identity source from the drop-down list.

The organization chart and employee information for the selected source are displayed. Account status values are the same as those for custom identity sources.

In the Actions column, select an operation:
- Details: View the user's full profile. From the details panel:
  - For Enabled or Pending Activation accounts: click Disable Account to freeze the account.
  - For Suspended accounts: click Enable Account to restore access.
- Edit: In the Edit User panel, you can only modify Position or Employment Status and click OK.

Note

For third-party identity sources, adding users, deleting users, and modifying fields such as organizational departments, email addresses, or phone numbers must be done in the third-party console. After making changes there, run an identity synchronization to update SASE.