All Products
Search

This Product

    Secure Access Service Edge:Connect to a WUYING Workspace identity provider

    Document Center

    Secure Access Service Edge:Connect to a WUYING Workspace identity provider

    Last Updated:Nov 24, 2025

    SASE enforces identity-driven security policies. If your enterprise uses a WUYING Workspace identity provider to manage its organizational structure, you can connect it to SASE. This eliminates the need to recreate identity information for your employees. After the connection is established, employees can log on to the SASE App using their existing enterprise accounts. This topic describes how to connect to a WUYING Workspace identity provider.

    Limits

    You can enable a maximum of five identity providers (IdPs) at a time. However, you can enable only one custom IdP at a time. If the quota for enabled IdPs is reached, you must disable an existing IdP before you can enable a new one.

    Configure a WUYING Workspace identity provider

    1. Log on to the SASE console.

    2. In the navigation pane on the left, choose Identity Authentication > Identity Access.

    3. On the Identity synchronization tab, click Create IdP.

    4. In the Create IdP panel, select WUYING, click Configure, and then complete the configuration in the wizard.

    5. In the Basic Configurations wizard, configure the parameters that are described in the following table. Then, click Confirm.

      Configuration item

      Description

      IdP Name

      Enter a name for the identity source.

      IdP Status

      Configure the status for the identity source. The valid values are:

      • Enabled: The identity source is enabled after it is created.

      • Closed: The identity source is disabled after it is created.

        Important

        If you disable an identity source, end users cannot use the SASE app to access internal applications. Proceed with caution.

      WUYING Workspace Account Configuration

      Enter the Alibaba Cloud UID for WUYING Workspace. Click Add More to add up to five UIDs.

      Automatic Synchronization

      If you enable Automatic Synchronization, the system automatically synchronizes information from WUYING Workspace based on the synchronization mode.

      If you do not enable Automatic Synchronization, you must manually synchronize the organizational structure. For more information, see View synchronization records.

      Automatic Synchronization Cycle

      Set the Automatic Synchronization Cycle. You can set the interval from 1 hour to 24 hours.

    View synchronization records

    1. On the Identity synchronization tab, find the desired identity source and click Synchronize Records in the Actions column.

    2. On the Synchronize Records page, you can view the synchronization records for the identity source.

    3. In the Synchronization Task area on the left side of the page, click a specific sync task to view its synchronization information in the list on the right.

      image

    4. Click Details in the Actions column for a specific task to view the field information of the Third-party Data Source and the SASE Data Source for that synchronization.

    Manual synchronization

    If you did not enable Automatic Synchronization when you configured the identity source, or if the structure of your identity source has changed, you must manually synchronize the information. To do this, click Create Synchronization Task and then click OK. Wait for the sync task to complete successfully before you view the synchronization records.

    Note

    After the synchronization is successful, you can view the synchronized organizational structure and employee information on the Identity Authentication > Identity Access > Employee Center tab. For more information, see Employee Center.

    Disable automatic synchronization

    • On the Identity synchronization page, find the desired identity source and turn off the switch in the Automatic Synchronization column.

    • In the Edit IdP panel, turn off the automatic synchronization switch.

    Edit a WUYING Workspace identity provider

    On the Identity synchronization page, find the WUYING Workspace identity provider that you want to edit and click Edit in the Actions column to modify its information.

    Disable a WUYING Workspace identity provider

    On the Identity synchronization page, find the WUYING Workspace identity provider that you want to disable and turn off the switch in the IdP Status column.

    Delete a WUYING Workspace identity provider

    On the Identity synchronization page, find the WUYING Workspace identity provider that you want to delete and click Delete in the Actions column.

    References

    Configure a SASE identity provider

    If your enterprise does not use an identity provider, you can use the custom identity provider in SASE to build an organizational structure. For more information, see Configure a SASE identity provider.

    Connect to a third-party identity provider

    If your enterprise uses an identity provider such as Lightweight Directory Access Protocol (LDAP), DingTalk, WeCom, Lark, or Identity as a Service (IDaaS) to manage its organizational structure, you can connect the identity provider to SASE.

    Configure a user group

    To create user groups that are separate from the organizational structure, see User group management.