Identity as a Service: Address book events

Last Updated: Apr 17, 2024

Overview

This topic describes how to synchronize address book events of Identity as a Service (IDaaS) to applications, and provides details about the event parameters.

For more information about the integration and call processes, see Overview.

Address book events in IDaaS are classified into the following categories:

1. Test events

After synchronization configuration is complete, an administrator can click Test Connectivity to check whether the configuration is successful.

This feature allows an application to receive special test events.

2. Incremental events

Incremental events refer to operations that are automatically triggered by changes that occur in IDaaS.

These events are used to continuously and incrementally synchronize data between IDaaS and applications.

3. Full events

Full events refer to synchronization operations that are manually triggered by an administrator in IDaaS.

These events are used to import data from IDaaS to an application at one time.

Events

| Category | Event | Code |
| --- | --- | --- |
| Test events | Test the connectivity. | urn:alibaba:idaas:app:event:common:test |
| Incremental events for address book | Create an account. | urn:alibaba:idaas:app:event:ud:user:create |
| Incremental events for address book | Delete an account. | urn:alibaba:idaas:app:event:ud:user:delete |
| Incremental events for address book | Update the basic information about an account. | urn:alibaba:idaas:app:event:ud:user:update_info |
| Incremental events for address book | Change the password of an account. | urn:alibaba:idaas:app:event:ud:user:update_password |
| Incremental events for address book | Disable an account. | urn:alibaba:idaas:app:event:ud:user:disable |
| Incremental events for address book | Enable an account. | urn:alibaba:idaas:app:event:ud:user:enable |
| Incremental events for address book | Lock an account. | urn:alibaba:idaas:app:event:ud:user:lock |
| Incremental events for address book | Unlock an account. | urn:alibaba:idaas:app:event:ud:user:unlock |
| Incremental events for address book | Move an account. | urn:alibaba:idaas:app:event:ud:user:update_primary_ou |
| Incremental events for address book | Create an organization. | urn:alibaba:idaas:app:event:ud:organizational_unit:create |
| Incremental events for address book | Delete an organization. | urn:alibaba:idaas:app:event:ud:organizational_unit:delete |
| Incremental events for address book | Update an organization. | urn:alibaba:idaas:app:event:ud:organizational_unit:update |
| Incremental events for address book | Move an organization. | urn:alibaba:idaas:app:event:ud:organizational_unit:update_parent_organizational_unit |
| Full events for address book | Synchronize all organizations. | urn:alibaba:idaas:app:event:ud:organizational_unit:push |
| Full events for address book | Synchronize all accounts. | urn:alibaba:idaas:app:event:ud:user:push |

Data security

IDaaS passes the complete account or organization information for all account and organization events as parameters to the event listener.

If the data contains sensitive information, we recommend that you use an HTTPS secure tunnel or enable service data encryption during data transmission.

Test the connectivity

This event tests the connectivity based on the configuration information and validates the signature verification and encryption capabilities.

This event is a separate event type. Event code: urn:alibaba:idaas:app:event:common:test.

Note

This event can be triggered only by performing a test with one click in the IDaaS console. You cannot trigger the event by calling an API operation.

The following code shows the payload part of a sample request after signature verification:

{
  "iss": "urn:alibaba:idaas:app:event",
  "sub": "idaas_rhhoqmlnyu3cv7ow657gyvurky",
  "aud": "app_mjavzivahje6zxkbc4i2bierdu",
  "exp": 1648711369,
  "iat": 1648709570,
  "jti": "bNRrCYrqXjqe8B1xweqlZw",
  "dataEncrypted": false,
  "cipherData": "",
  "plainData": {
    "instanceId": "idaas_rhhoqmlnyu3cv7ow657gyvurky",
    "aliUid": 151971404963****,
    "eventVersion": "V1.0",
    "eventData": [
      {
        "eventId": "evnt_aaaac766x2somw2ptotoyk6ag6bmfkt5xpqprpq",
        "eventType": "urn:alibaba:idaas:app:event:common:test",
        "eventTime": "1648709509849",
        "bizId": "evnt_aaaac766x2somw2ptotoyk6ag6bmfkt5xpqprpq",
        "bizData": "{\"bizData\":\"req_xxxxxxxxxxsdfsdfsfd\"}"
      }
    ]
  }
}

After the application receives the request, the application must respond to the request and make sure that the value of the eventId parameter in successEvents is the same as that in the request.

Otherwise, the test request fails.

{
  "successEvents": [
    {
      "eventId": "evnt_aaaac766x2somw2ptotoyk6ag6bmfkt5xpqprpq",
      "eventCode": "SUCCESS",
      "eventMessage": "SUCCESS"
    }
  ],
  "skippedEvents": [
    {
      "eventId": "",
      "eventCode": "",
      "eventMessage": ""
    }
  ],
  "failedEvents": [
    {
      "eventId": "",
      "eventCode": "",
      "eventMessage": ""
    }
  ],
  "retriedEvents": [
    {
      "eventId": "",
      "eventCode": "",
      "eventMessage": ""
    }
  ]
}
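
The following receiver sketch is an added example, not Alibaba Cloud code. It takes a payload that has already passed signature verification, checks the envelope claims, dispatches each event, and builds the response with the request's eventId echoed back. It assumes that iss, aud, exp, and jti carry their usual JWT meanings and that empty result categories may be returned as empty lists. The "SKIPPED" and "FAILED" codes, the function names, and the sample IDs are placeholders.

```python
import json
import time

ISSUER = "urn:alibaba:idaas:app:event"  # "iss" in the page's sample payload
TEST_EVENT = "urn:alibaba:idaas:app:event:common:test"

def check_claims(payload, app_id, seen_jti, now=None):
    """Reject payloads that are misaddressed, expired, replayed or encrypted."""
    now = time.time() if now is None else now
    if payload.get("iss") != ISSUER or payload.get("aud") != app_id:
        raise ValueError("not issued by IDaaS for this application")
    if payload.get("exp", 0) <= now:
        raise ValueError("payload expired")
    jti = payload.get("jti")
    if not jti or jti in seen_jti:
        raise ValueError("missing or replayed jti")
    if payload.get("dataEncrypted"):
        raise ValueError("cipherData must be decrypted first (not shown)")
    seen_jti.add(jti)

def handle(payload, app_id, handlers, seen_jti, now=None):
    """Dispatch every event and build the four-list response body."""
    check_claims(payload, app_id, seen_jti, now)
    resp = {k: [] for k in ("successEvents", "skippedEvents",
                            "failedEvents", "retriedEvents")}
    for ev in payload["plainData"]["eventData"]:
        # Echo the request's eventId; the connectivity test fails otherwise.
        entry = {"eventId": ev["eventId"], "eventCode": "SUCCESS",
                 "eventMessage": "SUCCESS"}
        handler = handlers.get(ev["eventType"])
        if handler is None:
            # "SKIPPED" is a placeholder code; the page shows only "SUCCESS".
            entry.update(eventCode="SKIPPED", eventMessage="not subscribed")
            resp["skippedEvents"].append(entry)
            continue
        try:
            handler(json.loads(ev["bizData"]))  # bizData is a JSON string
            resp["successEvents"].append(entry)
        except Exception as exc:
            # "FAILED" is a placeholder; return the error type, never bizData.
            entry.update(eventCode="FAILED", eventMessage=type(exc).__name__)
            resp["failedEvents"].append(entry)
    return resp

# Constructed sample shaped like the page's test payload (IDs are made up).
SAMPLE = {"iss": ISSUER, "aud": "app_example", "exp": 1648711369,
          "jti": "jti-1", "dataEncrypted": False, "plainData": {"eventData": [
    {"eventId": "evnt_1", "eventType": TEST_EVENT, "bizData": '{"x": 1}'},
    {"eventId": "evnt_2", "eventType": "urn:example:unknown", "bizData": "{}"}]}}
```

Calling handle(SAMPLE, "app_example", {TEST_EVENT: lambda biz: None}, set(), now=1648709600) returns evnt_1 under successEvents and evnt_2 under skippedEvents. A second call with the same jti set is rejected.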

Create an account

You can subscribe to this event to create an account for an onboarded employee.

Event code: urn:alibaba:idaas:app:event:ud:user:create

Example of parsed bizData:

{
    "password": "ssGp96", 
    "userId": "user_4alcbywzc7jyl23lu2srljsw7i", 
    "username": "zhangsan", 
    "displayName": "Bob", 
    "passwordSet": true, 
    "phoneRegion": "", 
    "phoneNumber": "155****5620",
    "phoneVerified": false, 
    "email": "zh***@163.com",
    "emailVerified": false, 
    "userExternalId": "user_4alcbywzc7jyl23lu2srljsw7i", 
    "userSourceType": "build_in", 
    "userSourceId": "idaas_rhhoqmlnyu3cv7ow657gyvurky", 
    "status": "enabled", 
    "accountExpireTime": "-1", 
    "registerTime": "1648531553621", 
    "lockExpireTime": "-1", 
    "createTime": "1648531553621", 
    "updateTime": "1648531553621", 
    "description": "", 
    "customFields": [
        {
            "fieldName": "test_custom_field", 
            "fieldValue": "test_value"
        }
    ],
    "primaryOrganizationalUnitId": "ou_bvluxnp2ef36uupdwob6km34a4",
    "organizationalUnits": [
        {
            "organizationalUnitId": "ou_bvluxnp2ef36uupdwob6km34a4", 
            "organizationalUnitName": "Development department", 
            "primary": true
        }
    ]
}

Parameters

| Parameter | Data type | Description |
| --- | --- | --- |
| userId | String | The ID of the user. |
| username | String | The username of the account. |
| displayName | String | The display name of the user, which is typically the username. |
| passwordSet | Boolean | Indicates whether a password is set. |
| phoneRegion | String | The code of the country or region for the mobile number of the user. |
| phoneNumber | String | The mobile number. |
| phoneVerified | Boolean | Indicates whether the mobile number of the user is verified. This feature is not available now. |
| email | String | The email address. |
| emailVerified | Boolean | Indicates whether the email address of the user was verified. This feature is not available now. |
| userExternalId | String | The external ID of the user. If the account is created in IDaaS, the value is the same as the user ID. If the account is synchronized from an external source, the value is the ID of the user from the external source. For example, if the account is synchronized from DingTalk, the value is the ID of the DingTalk user. |
| userSourceType | String | The source type of the account. If the account is created in IDaaS, the value is "build_in". |
| userSourceId | String | The source ID of the account. |
| password | String | The password of the account. The value is passed if password synchronization is enabled and the user sets a password. |
| status | String | The status of the account. Valid values: enabled and disabled. |
| accountExpireTime | Long | The time when the account expires. |
| registerTime | Long | The time when the account was registered. |
| lockExpireTime | Long | The time when the lock on the account expires. The account is unlocked upon the lock expiration time. |
| createTime | Long | The time when the account was created. |
| updateTime | Long | The time when the account was updated. |
| description | String | The description of the account. |
| customFields | List | The extended fields. |
| -fieldName | String | The name of the field. |
| -fieldValue | String | The value of the field. |
| primaryOrganizationalUnitId | String | The primary organization to which the account belongs. |
| organizationalUnits | List | The organizations to which the account belongs. |
| -organizationalUnitId | String | The ID of the organization. |
| -organizationalUnitName | String | The name of the organization. |
| -primary | Boolean | Indicates whether the account belongs to a primary organization. Valid values: true: The account belongs to a primary organization. false: The account does not belong to a primary organization. |
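
Because bizData can carry the account password in cleartext together with the mobile number and email address, the receiving application should keep these values out of its logs and store only a password verifier. The following is an added example, not Alibaba Cloud code. It assumes that the application keeps its own credential store. The function names and the pwSalt and pwHash record fields are hypothetical.

```python
import hashlib
import hmac
import json
import os

SENSITIVE = ("password", "phoneNumber", "email")  # fields in the page's sample

def log_safe(biz):
    """Copy of bizData that is safe to write to logs or error reports."""
    return {k: "<redacted>" if k in SENSITIVE and v else v
            for k, v in biz.items()}

def hash_password(password, salt=None):
    """Derive a scrypt verifier so the cleartext never reaches storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def verify_password(password, salt, digest):
    """Constant-time comparison against the stored verifier."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def to_record(biz_json):
    """Split parsed bizData into a storable record and a log-safe view."""
    biz = json.loads(biz_json)
    record = {
        "userId": biz["userId"],
        "username": biz["username"],
        "status": biz["status"],
        # Typed Long in the parameter table, but sent as strings in the sample.
        "createTime": int(biz["createTime"]),
        "accountExpireTime": int(biz["accountExpireTime"]),
    }
    # Present only when password synchronization is enabled and a password is set.
    if biz.get("password"):
        # pwSalt / pwHash are hypothetical field names for the local store.
        record["pwSalt"], record["pwHash"] = hash_password(biz["password"])
    return record, log_safe(biz)

# Trimmed copy of the page's sample bizData for the create-account event.
SAMPLE_BIZ = json.dumps({
    "password": "ssGp96", "userId": "user_4alcbywzc7jyl23lu2srljsw7i",
    "username": "zhangsan", "phoneNumber": "155****5620",
    "email": "zh***@163.com", "status": "enabled",
    "accountExpireTime": "-1", "createTime": "1648531553621"})
```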

Delete an account

You can subscribe to this event to delete an account from the address book when an employee is offboarded.

Event code: urn:alibaba:idaas:app:event:ud:user:delete

For an example of parsed bizData, see the "Create an account" section of this topic.

Update the basic information about an account

You can subscribe to this event to update the basic information about an account, such as a change in the mobile number, email address, or username. This event can synchronize changes to applications at the earliest opportunity.

Event code: urn:alibaba:idaas:app:event:ud:user:update_info

For an example of parsed bizData, see the "Create an account" section of this topic.

Change the password of an account

You can subscribe to this event in scenarios in which an administrator needs to reset the password of a user or users need to change their own passwords. This event can synchronize the new password to applications.

Note: When you subscribe to this event, you must specify the synchronization scope for the event to take effect. Otherwise, changes are not synchronized to the applications. For more information, see Provision Accounts - IDaaS Event Callback.

Event code: urn:alibaba:idaas:app:event:ud:user:update_password

For an example of parsed bizData, see the "Create an account" section of this topic.

Enable an account

You can subscribe to this event to change the status of an account from disabled to enabled.

Event code: urn:alibaba:idaas:app:event:ud:user:enable

For an example of parsed bizData, see the "Create an account" section of this topic.

Disable an account

You can subscribe to this event to change the status of an account from enabled to disabled.

Event code: urn:alibaba:idaas:app:event:ud:user:disable

For an example of parsed bizData, see the "Create an account" section of this topic.

Lock an account

You can subscribe to this event to lock an account when the account status changes to inactive. For example, the account is locked when the user enters an incorrect password multiple times.

Event code: urn:alibaba:idaas:app:event:ud:user:lock

For an example of parsed bizData, see the "Create an account" section of this topic.

Unlock an account

You can subscribe to this event to change the status of an account from locked to normal.

Event code: urn:alibaba:idaas:app:event:ud:user:unlock

For an example of parsed bizData, see the "Create an account" section of this topic.

Move an account

You can subscribe to this event to change the primary organization to which an account belongs.

Event code: urn:alibaba:idaas:app:event:ud:user:update_primary_ou

For an example of parsed bizData, see the "Create an account" section of this topic.

Create an organization

You can subscribe to this event to create an organization.

Event code: urn:alibaba:idaas:app:event:ud:organizational_unit:create

Example of parsed bizData:

{
    "organizationalUnitId": "ou_dqdvxesykpfhig2kvgrzpeoeyu", 
    "organizationalUnitName": "The name of the organizational", 
    "parentId": "ou_dqdvxesykpdfasdfaseoeyu", 
    "organizationalUnitExternalId": "ou_dqdvxesykpfhig2kvgrzpeoeyu", 
    "organizationalUnitSourceType": "build_in", 
    "organizationalUnitSourceId": "idaas_rhhoqmlnyu3cv7ow657gyvurky", 
    "createTime": "1648451475209", 
    "updateTime": "1648451475209",
    "description":"Created in IDaaS"
}

Parameters

| Parameter | Data type | Description |
| --- | --- | --- |
| organizationalUnitId | String | The ID of the organization. |
| organizationalUnitName | String | The name of the organization. |
| parentId | String | The ID of the parent organization. |
| organizationalUnitExternalId | String | The external ID of the organization. The value is the organization ID if the organization is created in IDaaS. If the organization is synchronized from an external source, the value is the ID of the organization from the external source. For example, if the organization is synchronized from DingTalk, the value is the ID of the corresponding DingTalk department. |
| organizationalUnitSourceType | String | The source type of the organization. |
| organizationalUnitSourceId | String | The source ID of the organization. |
| createTime | Long | The time when the organization was created. |
| updateTime | Long | The time when the organization was last updated. |
| description | String | The description of the organization. |

Delete an organization

You can subscribe to this event to delete an organization.

Event code: urn:alibaba:idaas:app:event:ud:organizational_unit:delete

For an example of parsed bizData, see the "Create an organization" section of this topic.

Update an organization

You can subscribe to this event to modify the basic information of an organization, such as the organization name.

Event code: urn:alibaba:idaas:app:event:ud:organizational_unit:update

For an example of parsed bizData, see the "Create an organization" section of this topic.

Move an organization

You can subscribe to this event to update the parent organization of an organization.

Event code: urn:alibaba:idaas:app:event:ud:organizational_unit:update_parent_organizational_unit

For an example of parsed bizData, see the "Create an organization" section of this topic.

Synchronize all organizations

Event code: urn:alibaba:idaas:app:event:ud:organizational_unit:push

For an example of parsed bizData, see the "Create an organization" section of this topic.

Synchronize all accounts

Event code: urn:alibaba:idaas:app:event:ud:user:push

For an example of parsed bizData, see the "Create an organization" section of this topic.