What is Unified Authentication

Concept

As users of applications, we often run into a common and frustrating problem in our daily authentication and login routine: why do we need to remember so many usernames and passwords? Each application has its own user naming rules and its own password system, with differing password policies and rotation requirements. An obvious question follows: could we use a single username and password to log in to all enterprise application systems? This is what we commonly refer to as unified authentication.

In 2E (employee-facing) scenarios within enterprises, the above issue is very common. Many enterprises address it by building their own AD or LDAP directory service and then integrating all application systems with it. Some enterprises also build their own CAS Server, or use commercial products such as IBM Tivoli or Oracle AM as the authentication service, which likewise requires integrating every application system with it. In all of these approaches, the integration work is oriented toward the authentication server: the applications must be modified or extended to meet the requirements of that server. In reality, many commercial applications, especially SaaS applications, provide their own authentication APIs or natively support authentication protocols such as SAML, and they are unlikely to modify themselves to meet the requirements of one particular enterprise's authentication server. So, should the application adapt to the authentication server, or should the authentication server also adapt to the application? The conclusion is that real-world deployments need both.

Bamboo Cloud IDaaS supports accessing your applications and user data through standard protocols such as OIDC, OAuth 2.0, SAML, and CAS. You can use Bamboo Cloud IDaaS as your Identity Provider (IdP) and connect it to third-party Service Providers, for example to log in to Alibaba Cloud, AWS, Azure, Jira, and more. At the same time, Bamboo Cloud IDaaS can also act as a Service Provider (SP), connecting to third-party Identity Providers through the same standard protocols (OIDC, OAuth 2.0, SAML, and CAS). For example, you can continue to use Azure AD, on-premises Windows AD, or local CAS Server usernames and passwords to log in to your applications.

Bamboo Cloud IDaaS also supports third-party social logins such as DingTalk, WeChat Work, Feishu, WeChat, and Alipay, automatically pulling user profiles from these authentication sources into your user pool.

From the perspective of an application developer, we strive to provide various authentication methods that align with enterprise users' habits. Examples include username + password, phone number + verification code, DingTalk QR code scan, and WeChat Work QR code scan commonly used in 2E applications, as well as WeChat QR code scan, WeChat login, and Alipay login commonly used in 2C applications.