Configuring Yunzhijia Authentication Source

Overview

Yunzhijia authentication login allows users to securely log in to third-party applications or websites using Yunzhijia as the authentication source. To facilitate enterprise user authentication and login, the IDaaS platform supports configuring Yunzhijia as an authentication source. Users can log in to the IDaaS User Center via Yunzhijia authentication and then single sign-on to various application systems from the User Center. This provides enterprise users with a simpler, more convenient login method and a better user experience.

This section describes the related operations for configuring a Yunzhijia authentication source.

Prerequisites

• Have administrator permissions on the Yunzhijia Developer Platform.

• Have administrator permissions on the IDaaS Enterprise Center platform.

Procedure

Creating an Application on the Yunzhijia Developer Platform

1. Log in to the Yunzhijia Developer Platform (opens new window), click "New Application", fill in the basic application information, and click "Confirm" to save after configuration is complete. You will be directed to the application details page.

   

2. On the details information page, obtain information such as the App ID and App Secret.

   

3. After creating the application, switch to the "Feature Development" page, enable the lightweight application switch, and configure the access URLs for the mobile, web, and desktop ends according to actual needs.

   

   URL configuration composition: https://{Tenant Domain}:{Tenant Port}/api/ams/login/yunzj?application_id={ClientId}.

   The tenant domain is obtained from "Settings > Enterprise Information" in the IDaaS Enterprise Center; the ClientId is obtained from the "General Information" page of the User Center application in the "Resources > Applications" page of the IDaaS platform.

Adding a Yunzhijia Authentication Source in IDaaS

1. Log in to the IDaaS Enterprise Center platform, select "Authentication > Authentication Source Management" from the top navigation bar, go to the Yunzhijia authentication source page, and click "Add Authentication Source".

   

2. Configure the Yunzhijia authentication source parameters according to the interface prompts. Key parameter descriptions are as follows.

   

   When no user is associated: This refers to when the associated source attribute of the user information returned by Yunzhijia does not match the associated user attribute in IDaaS, and no system user is linked. The available configuration options are as follows.

   • Bind: Set to "Bind". When no user is linked, it will redirect to a phone number or email verification page. If an existing IDaaS phone number or email is entered and verified successfully, that user passes authentication.

   • Bind or Register: Set to "Bind or Register". When no user is linked, it will redirect to a phone number or email verification page. If an existing IDaaS phone number or email is entered and verified successfully, that user passes authentication; if a phone number or email not existing in IDaaS is entered and verified successfully, an IDaaS user will be created based on that phone number or email and passes authentication.

   • Fail: Set to "Fail", meaning the user is not allowed to pass authentication.

   • Automatically Create User: Set to "Automatically Create User". Click "Add Mapping" to map user attributes from Yunzhijia to IDaaS user attributes according to mapping rules and associated attributes, create the user, and allow that user to pass authentication.

     Attribute descriptions are as follows:

     • User Attribute Name: Select the user attribute in IDaaS from the dropdown.

     • Mapping Type: Select Authentication Source Attribute.

     • Authentication Source Attribute Name: Yunzhijia user attribute.