Overview
# Usage Scenarios
Zhuyun IDaaS Identity Cloud manages the full lifecycle of enterprise employee identity information. Data synchronization is divided into two stages. In Stage 1, organizational structure and user information are automatically synchronized from the enterprise's authoritative data source (the HR system) to the IDaaS user pool. In Stage 2, after the enterprise administrator authorizes users to access applications, IDaaS Identity Cloud synchronizes the authorized application organizations and application accounts (users) to downstream application systems.
Once Stage 1 is complete, how is Stage 2 carried out, that is, how are authorized organizations and users synchronized to downstream applications? This chapter explains how to synchronize enterprise employee identity information to application systems.
- IDaaS comes pre-integrated with identity synchronization connectors (Connectors) for many mainstream application systems on the market. A connector needs only simple parameter configuration and works out of the box: changes in organization and user information are synchronized to downstream application systems automatically, with no code modifications. For details, go to Application Integration and find the application you are using.
- When the application system you are using is not in the pre-integrated application list (for example, a system developed in-house by the R&D team), IDaaS provides an identity synchronization protocol based on event callbacks. Developers implement and debug against the synchronization protocol interfaces provided by the platform so that identity information flows automatically from IDaaS to the application system.
# What is an Application Connector?
To reduce the difficulty and duration of integrating customer application systems, the IDaaS platform draws on years of application integration experience and has been adapted at the product level to mainstream office systems and commercial SaaS application systems, and the application ecosystem of the IDaaS Identity Cloud platform continues to grow. With identity synchronization connectors (Connectors), when events such as employee onboarding, transfer, or departure occur, changes from the enterprise HR system are automatically synchronized to downstream application systems. Developers do not need to modify code or debug an integration, which achieves zero-cost data linkage between upstream and downstream systems.
# What is Event Callback?
Event callback is an active push notification mode (Push) in which IDaaS pushes event messages to the application system. Each application system that needs to receive event notifications must register a URL on the IDaaS platform at which it will receive messages. After the enterprise administrator authorizes the application system's organizational structure and user permissions on the IDaaS platform, the platform pushes the changed information to the application system as soon as it can. On receiving an event message, the application system verifies the signature, decrypts the organization or user information according to the protocol specification, and stores it in its own system database.
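The receiving side of that flow should reject a message before it decrypts or stores anything. The following is an added example, not code from the IDaaS platform or its protocol specification: the page does not state the signature algorithm, so the HMAC-SHA256 scheme, the timestamp and nonce fields, the 300-second window and all names here are assumptions, and the event body is constructed.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window, not from the page

class CallbackVerifier:
    """Checks a pushed event before any decryption or database write.

    Assumed scheme (hypothetical, not the IDaaS protocol): the signature
    is hex HMAC-SHA256 over timestamp, nonce and body joined by newlines.
    """

    def __init__(self, secret: bytes):
        self._secret = secret
        self._seen = {}  # nonce -> timestamp, kept for replay detection

    def sign(self, timestamp: str, nonce: str, body: bytes) -> str:
        msg = timestamp.encode() + b"\n" + nonce.encode() + b"\n" + body
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def verify(self, timestamp, nonce, body, signature, now=None):
        # Returns (accepted, reason) for one callback request.
        now = time.time() if now is None else now
        expected = self.sign(timestamp, nonce, body)
        # Constant-time compare first: unauthenticated input never
        # reaches timestamp parsing or the nonce cache.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return False, "bad-signature"
        try:
            ts = int(timestamp)
        except ValueError:
            return False, "bad-timestamp"
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return False, "stale"
        # Forget nonces that have aged out of the freshness window.
        self._seen = {n: t for n, t in self._seen.items()
                      if abs(now - t) <= MAX_SKEW_SECONDS}
        if nonce in self._seen:
            return False, "replay"
        self._seen[nonce] = ts
        return True, "ok"

def demo():
    v = CallbackVerifier(b"constructed-shared-secret")
    body = b'{"eventType": "USER_CREATED", "id": "u-1001"}'  # constructed
    sig = v.sign("1700000000", "nonce-1", body)
    first = v.verify("1700000000", "nonce-1", body, sig, now=1700000010)
    second = v.verify("1700000000", "nonce-1", body, sig, now=1700000020)
    return first, second  # the second delivery is rejected as a replay
```

Only a request that returns `(True, "ok")` should proceed to decryption and the database write; the signature must be computed over the raw request bytes, not a re-serialized copy.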
# Which Method Should We Choose?
| Integration Method | Application Scenario | Description |
|---|---|---|
| Application Connector | Limited to the pre-integrated application ecosystem of IDaaS. The application system supports standard open identity interfaces, and the two systems have been adapted to each other at the product level. This method cannot be used if the application system is not within the IDaaS application ecosystem. | No code modifications required; simple configuration; ready to use out of the box. |
| Event Callback | Mainly used for business systems developed in-house by the enterprise, whose openness is relatively weak and whose degree of standardization is not high. | Requires simple code development. |
