All Products
Search

This Product

    Identity as a Service:General configurations

    Document Center

    Identity as a Service:General configurations

    Last Updated:Dec 26, 2024

    Each application has some general configurations and feature-specific configurations. You can manage general configurations of applications on the General tab.

    To access the General tab, click Applications in the menu, find the application that you want to manage, and then click Manage.

    In the current version of Identity as a Service (IDaaS), administrators can enable or disable API operations and rotate secrets.

    aliyun

    API operations

    IDaaS provides a variety of API operations for each application. You can enable some API operations for an application so that the application can call these API operations to implement certain features. The following API operations are provided:

    • API operations for single sign-on (SSO) based on OpenID Connect (OIDC)

    • API operations for account synchronization

    • API operations for permission management (coming soon)

    An application must exchange its client_id and client_secret configured on the General tab for an access_token to call these API operations.

    Note

    The client_id starts with "app_" and is about 26 characters in length. By default, the client_id is the same as the application ID. A client_secret is a random string that starts with CS and is between 44 and 46 characters in length.

    In the current version of IDaaS, administrators can enable or disable API operations and rotate secrets.

    Secret rotation

    You can customize the interval of secret rotation for each application.

    To make secret rotation easier, IDaaS allows you to configure at most two client_secrets for an application and enable at least one client_secret.

    During the rotation period, you can keep both of the client_secrets enabled. After you confirm that the old client_secret is no longer needed, you can delete the old client_secret.

    oidc

    To ensure security, we recommend that you rotate secrets every three months or according to specific compliance requirements. The following steps show you how to rotate secrets:

    1. Create a new client_secret.

    2. Replace the old client_secret with the new one.

    3. Disable the old client_secret. When you disable a client_secret, you will be prompted the last time when this client_secret was used. After you confirm that the client_secret is no longer used, you can disable it.

    4. Verify whether the running of the application is affected.

    5. After you confirm that the running of the application is not affected, you can delete the old client_secret.

    Basic Information

    Parameter

    Description

    ID

    The ID of the application. The application ID is for reference only and cannot be changed.

    Source

    The template used to create the application. The source cannot be changed.

    Valid values: Template Application, Standard Protocol, and Custom Applications.

    Name

    The display name of the application.

    Application Icon

    The icon of the application. The icon file must be in the PNG or JPG format and cannot exceed 1 MB in size. We recommend that you set the pixel aspect ratio to 256*256.