IDaaS Open Platform

Alibaba Mail Single Sign-On

Single Sign-On SSO

# Description

This document introduces the configuration process for Single Sign-On between Alibaba Mail and IDaaS.

# Preparations

  1. Contact Alibaba Mail customer service in advance to purchase or enable the API interfaces for Single Sign-On and data synchronization.

  2. Send the following application email to alimailservice@alibaba-inc.com.

    Company Email Domain: http://xxx.xxx.xxxx/
Company Name: xxxxxx
Application Environment Domain: http://xxx.xxx.xxxx/
Egress IP: 47.92.171.137 (This IP is the IDaaS service egress IP and is required.)
Required Access Interface: Account and Organizational Structure Synchronization
Single Sign-On: Requires appCode, appSecret
Synchronization Interface: Requires accessCode, accessTarget, accessPassword
    1
    2
    3
    4
    5
    6
    7

  3. Obtain the API keys and Single Sign-On keys.

# Authentication Configuration

For questions regarding parameters during configuration, which email attributes to synchronize to Alibaba Mail, mapping between IDaaS user attributes and Alibaba Mail user attributes, etc., please consult IDaaS delivery personnel.

  1. The administrator logs into the IDaaS Enterprise Center, navigates to 【Resources】-【Applications】- Add Pre-integrated Application, and adds the Alibaba Mail pre-integrated application.

  2. Configure authentication parameters.

    Parameter Description
    appCode Alibaba Mail Single Sign-On appCode
    appSecret Alibaba Mail Single Sign-On appSecret
    Alibaba Mail Redirect Address The address to enter after logging into Alibaba Mail, generally the enterprise email application address.

# Login Verification

  • Method 1: Click the Alibaba Mail logo in the IDaaS User Center to enter the mailbox.

  • Method 2: On the Alibaba Mail login interface, enter the IDaaS user's email address and password to log into the mailbox.

Alibaba Mail Data Sync