Identity as a Service: Provision Accounts - IDaaS Event Callback

Last Updated: Jun 16, 2023

You can synchronize organizations and accounts between IDaaS and applications. For more information, see Provision accounts and organizations.

IDaaS allows you to synchronize all IDaaS accounts to an application at one time. IDaaS can also send notifications on incremental changes.

Go to the Provisioning tab, turn on Synchronize IDaaS Users on Application, and configure the Synchronization Scope parameter.

After you set the synchronization scope, the application can obtain the organization and account information of the specified IDaaS node.

Configure push settings

Go to the Provisioning tab of the application.

Configure basic push parameters. The following table describes the parameters.

| Parameter | Description | Example |
| --- | --- | --- |
| Synchronization Scope | The organization that you want to synchronize. If you perform this operation by using API operations, you can synchronize only the data of the organization. | Alibaba Cloud IDaaS |
| Public Key Endpoint | The synchronization request contains a signature. The receiver needs to obtain the public key from IDaaS and verify the synchronization request. | - |
| Outbound IP Address | Add the outbound IP address of IDaaS to the whitelist of your application to ensure that IDaaS requests can be received as expected. | |
| URL for Receiving Synchronization Requests | The URL that is used to receive the synchronization request. This URL must follow the rules in the development guide and serve multiple purposes including connection testing, receiving accounts, and receiving organizations. For more information, see Push accounts from IDaaS in Development Guide. | http://www.example.com/accounts/provision |
| Encryption | If you select this option, service data is encrypted by using a key and then transmitted. When data needs to be transmitted over the Internet, we recommend that you select this option to ensure secure data transmission. | The parameter is cleared. |
| Encryption Key | The key that is used to encrypt service data. The key can be generated by IDaaS or entered manually. | 2fdc67ca538cc9500bcad6518390feb937b58e9102b00bffb30a292112fdf626 |
| Password Synchronization | If you select this option, plaintext passwords are passed in the data for a specific event. The events are Create User and Change Account Password (change or reset password). If you select Service Data Encryption at the same time, passwords and service data are encrypted during transmission. | The parameter is cleared. |

After you configure push settings, you can also subscribe to change events to receive push notifications when events occur.

IDaaS defines more than ten types of account and organization change events. The events are divided into incremental events and full change events. For more information, see Contacts events.

After the configuration is complete, you can perform the following operations when Synchronize IDaaS Users on Application is turned on.

  • Click Test Connectivity to verify that the connection is correct, the network access is stable, and the request can be processed as expected.

  • Click Synchronize to initiate full synchronization.

To receive the event requests sent from IDaaS, you must complete the development procedures in Account synchronization overview.
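
A receiver-side source-address check for the Outbound IP Address parameter in the table above, as an added example that is not part of the IDaaS documentation. The allowlist entries are constructed placeholders from documentation address ranges and the trusted-proxy range is hypothetical; the check is only a network filter, and the request signature still has to be verified with the key from the Public Key Endpoint.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges). Replace with the
# Outbound IP Address values shown on the Provisioning tab.
IDAAS_OUTBOUND = ["203.0.113.10", "203.0.113.64/28"]
# Hypothetical reverse proxies in front of the receiver. Only these peers are
# allowed to supply an X-Forwarded-For header.
TRUSTED_PROXIES = ["10.0.0.0/24"]


def _networks(entries):
    # Accept single addresses as well as CIDR blocks.
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def _normalize(addr):
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap them so
    # they match IPv4 allowlist entries.
    ip = ipaddress.ip_address(addr.strip())
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def _contains(nets, ip):
    return any(ip.version == n.version and ip in n for n in nets)


def client_ip(peer_addr, forwarded_for=None, proxies=TRUSTED_PROXIES):
    """Return the address that should be checked against the allowlist."""
    peer = _normalize(peer_addr)
    proxy_nets = _networks(proxies)
    if forwarded_for and _contains(proxy_nets, peer):
        # Walk right to left and take the first hop that is not our own proxy.
        # Entries further left are supplied by the client and can be forged.
        for hop in reversed(forwarded_for.split(",")):
            ip = _normalize(hop)
            if not _contains(proxy_nets, ip):
                return ip
    return peer


def is_idaas_source(peer_addr, forwarded_for=None, allowlist=IDAAS_OUTBOUND):
    try:
        ip = client_ip(peer_addr, forwarded_for)
    except ValueError:
        return False  # unparsable address: fail closed
    return _contains(_networks(allowlist), ip)
```

Call `is_idaas_source()` with the socket peer address (and the X-Forwarded-For header, if the receiver sits behind a proxy) before any parsing of the request body.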