All Products
Search

This Product

    Identity as a Service:Authentication Methods

    Document Center

    Identity as a Service:Authentication Methods

    Last Updated:Apr 17, 2023

    Identity as a Service (IDaaS) allows users to use multiple common login methods to access applications in a secure manner.

    image

    Login Methods

    The following table describes two login methods that come with the IDaaS system.

    Login method

    Description

    IDaaS Account and Password Logon

    By default, this method is enabled.

    Users login with their account names and passwords stored in IDaaS. Users who do not have an account name or password cannot log on by using this method. When an account is just imported from DingTalk, its password is unavailable.

    OTP via SMS

    This method is disabled by default and needs to be manually enabled.

    A mobile phone number must be bound to the account.

    The SMS message can be viewed but cannot be modified.

    No SMS fee is charged for the current version.

    Add a login method

    Other login methods provided in IDaaS must be enabled based on the Identity Provider (IdP) configuration.

    When an administrator adds an IdP, a login capability may be automatically added as a login method.

    image

    If you do not enable this feature when you bind a DingTalk account, you can enable this feature on the IdPs page. After you enable this feature for the first time, the corresponding login method is automatically created.

    The status of a login method on the IdPs page is consistent with that on the Sign-In menu.

    Disable a login method

    After a login method is disabled, it becomes unavailable and is not displayed on the login page.

    Logon settings

    Configure the basic settings for IDaaS login.

    image

    The following table describes the parameters that you can configure in Sign-In Settings.

    Parameter

    Description

    Example

    Primary Authentication Method

    Specifies the default primary login method displayed on the IDaaS login page. Users can switch to another method on the login page.

    IDaaS Account and Password Logon

    Session Validity Period

    Specifies the validity period of the login session after a user logs on to IDaaS in a browser. After the validity period expires, the user must log on to IDaaS again.

    8 hours

    Idle Session Timeout Period

    Specifies the timeout period of the login session during which users are inactive. After the timeout period expires, users need to log on again.

    2 hours