Configuring OAuth Authentication Source


# Overview

To facilitate authentication and login for enterprise users, the IDaaS platform supports configuring the OAuth protocol as an authentication source. Users can authenticate and log in to various application systems via the OAuth protocol, providing enterprise users with a simpler, more convenient login method and a better user experience.

This section describes the relevant operations for configuring an OAuth authentication source.

# Prerequisites

  • You have permission to manage applications on the third-party identity provider (IDP), and the IDP supports OAuth authentication.
  • You have administrator permissions for the IDaaS Enterprise Center platform.

# Steps

# Third-Party OAuth Authentication Platform Configuration

  1. Create an application with OAuth as the access method on the third-party platform, and complete the basic information of the application. For detailed operations, please refer to the relevant documentation of each platform.

  2. Configure the application's callback address. Use the callback address shown on the "OAuth Authentication Source" page in the IDaaS Enterprise Center platform.

  3. Grant users access permissions to the newly created application.

# IDaaS Platform Configuration of OAuth Authentication Source

  1. Log in to the IDaaS Enterprise Center platform, select "Authentication > Authentication Source Management" in the top navigation bar, go to the OAuth authentication source page, and click "Add Authentication Source".

  2. Configure the OAuth authentication source parameters according to the interface prompts. Key parameter descriptions are as follows.

    | Parameter | Description |
    | --- | --- |
    | Authorization Url | The authentication and authorization address of the enterprise application. Obtained from the enterprise application. |
    | Token Url | The address used to obtain the token. Obtained from the enterprise application. |
    | UserInfo Url | The address used to obtain user information. Obtained from the enterprise application. |
    | Source Attribute | The name of the user attribute returned after successful OAuth authentication. Must match the attribute name in the application system. |
    | Associated User Attribute | The IDaaS attribute that the source attribute is matched against to connect the OAuth authentication source to IDaaS, such as username. Selected from the dropdown. |
    | When User is Not Associated | The action taken when a user logs in successfully through the OAuth authentication source but matches no system user, such as automatically creating a user. Selected from the dropdown. |

    When User is Not Associated: this setting applies when the value of the source attribute in the user information returned by the third-party platform matches no IDaaS user on the associated user attribute, so no system user can be associated. The available options are as follows.

    • Fail: Set to "Fail", meaning this user is not allowed to authenticate.

    • Automatically Create User: Set to "Automatically Create User". You can choose whether to update existing attributes. Then click "Add Mapping" to map user attributes from the third-party platform to IDaaS user attributes according to the mapping rules and the associated attribute; the user is created and is allowed to pass authentication.

      Attribute descriptions are as follows:

      • User Attribute Name: Select the user attribute in IDaaS from the dropdown.
      • Mapping Type: Select Authentication Source Attribute.
      • Authentication Source Attribute Name: User attribute from the third-party platform.
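The following is an added example, not IDaaS code, that models the logic the parameters above describe: the redirect to the Authorization Url with a state value checked on the callback, and the association step that matches the UserInfo response to an IDaaS user on the Associated User Attribute and applies the "When User is Not Associated" policy (Fail or Automatically Create User with attribute mapping). All URLs, attribute names, the in-memory user directory and the userinfo responses are constructed placeholders.

```python
import secrets
from urllib.parse import urlencode

# Constructed authentication-source config mirroring the parameter table; URLs are placeholders.
SOURCE = {
    "authorization_url": "https://idp.example.com/oauth/authorize",
    "token_url": "https://idp.example.com/oauth/token",
    "userinfo_url": "https://idp.example.com/oauth/userinfo",
    "source_attribute": "login",              # attribute name in the IdP's UserInfo response
    "associated_user_attribute": "username",  # IDaaS attribute it is matched against
    "when_not_associated": "create",          # "fail" or "create"
    "update_existing": True,                  # refresh mapped attributes on an existing user
    "mapping": {"displayName": "name", "mail": "email"},  # IDaaS attribute <- source attribute
}

def build_authorize_redirect(cfg, client_id, callback_url):
    """Build the redirect to Authorization Url. The returned state must be stored
    server-side and compared in the callback handler so a forged callback is rejected."""
    state = secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": callback_url, "state": state}
    return f"{cfg['authorization_url']}?{urlencode(params)}", state

def callback_state_ok(stored_state, received_state):
    """Constant-time comparison of the stored state with the one echoed on the callback."""
    return bool(stored_state) and secrets.compare_digest(stored_state, received_state or "")

def associate_user(cfg, userinfo, directory):
    """Match the UserInfo profile to an IDaaS user, or apply the
    'When User is Not Associated' policy. Returns (user, created); raises on failure."""
    key = userinfo.get(cfg["source_attribute"])
    if not key:
        raise PermissionError("source attribute missing from UserInfo response")
    # Apply the mapping rules: IDaaS attribute <- third-party attribute, when present.
    mapped = {dst: userinfo[src] for dst, src in cfg["mapping"].items() if src in userinfo}
    for user in directory:
        if user.get(cfg["associated_user_attribute"]) == key:
            if cfg["update_existing"]:
                user.update(mapped)
            return user, False
    if cfg["when_not_associated"] != "create":
        # "Fail": the user is not allowed to authenticate.
        raise PermissionError(f"no IDaaS user with {cfg['associated_user_attribute']}={key!r}")
    new_user = {cfg["associated_user_attribute"]: key, **mapped}
    directory.append(new_user)
    return new_user, True
```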