Configuring WeChat Work Passwordless Login

Overview

This chapter describes the configuration process for users to log in passwordlessly to IDaaS-integrated applications within the WeChat Work PC client or mobile app. After configuring the integrated WeChat Work authentication source on the IDaaS platform, refer to this module to configure WeChat Work passwordless login for various application systems.

Prerequisites

• Have access management permissions for the IDaaS Enterprise Center.
• Have administrator permissions for the WeChat Work Open Platform account and have already created an application.
• The application has been integrated on the IDaaS platform.
• Have already configured the WeChat Work authentication source on the IDaaS platform.

Configuration Process

Steps

The example application in this article is an OAuth protocol application created in IDaaS: OAUTH_1. Applicable application scope: all self-built applications and pre-integrated applications that perform authentication integration with IDaaS through protocols.

Configuring WeChat Work Authentication for the Application

1. Log in to the IDaaS Enterprise Center platform, select "Resources > Applications" in the top navigation bar, using the OAuth protocol application as an example, select "OAUTH_1", switch to the "Login Configuration" tab, scroll down to WeChat Work, and enable the previously added WeChat Work authentication source.

   

2. Switch to the "Authentication Integration" tab, select "Mount Address", and copy the application's PC-side mount URL.

   

   Some pre-integrated applications do not support IDP-initiated single sign-on. Please ignore this step for those, such as Huawei Cloud and Tencent Cloud. For detailed configuration, please refer to the following sections.

WeChat Work Management Console Configuration

1. Log in to the WeChat Work Open Platform (opens new window), select "Application Management", find the previously created application and enter it, click the settings icon next to "Application Homepage", and change the "Application Homepage Address" to the mount address of the application in IDaaS.

   

   If configuring passwordless login for applications like Huawei Cloud or Tencent Cloud, the application homepage address should be the login link of the identity provider created in the Huawei Cloud or Tencent Cloud console.

   

   

Verifying WeChat Work Client Passwordless Login

The actual process of WeChat Work passwordless login is related to the two options "Account Auto-Binding" and "When No User is Associated" in the Configure WeChat Work Authentication Source configuration. Please refer to the interface prompts for login.

1. The user logs into the WeChat Work client, finds the application created in WeChat Work, clicks on the application, and can then log in passwordlessly to OAUTH_1.

   

2. The user logs into the WeChat Work mobile app, finds the application created in WeChat Work, clicks on the application, and can then log in passwordlessly to OAUTH_1.