Secure Access Service Edge (SASE) issues identity-driven security policies. If an enterprise uses a Lark identity provider (IdP) to manage the organizational structure, the enterprise can connect the Lark IdP to SASE without the need to configure identity information about the users of the enterprise. After the enterprise connects the Lark IdP to SASE, the users of the enterprise can log on to the SASE client by using the same account system as the enterprise. This topic describes how to connect a Lark IdP to SASE.
Limits
You can enable only one IdP or one IdP combination. An IdP combination contains multiple IdPs. If an IdP or IdP combination is enabled, you must disable the IdP or IdP combination before you can enable another IdP or IdP combination.
Configure a Lark IdP
Log on to the SASE console. In the left-side navigation pane, choose .
On the IdP Management page, click the IdP Management tab. On the tab, click Add IdP. In the Add IdP panel, set the Authentication Type parameter to Single IdP and select Lark from the Enterprise IdP drop-down list. Configure the following parameters, and then click Connectivity Test.
Configuration Name: The name of the Lark IdP. The name must be 2 to 100 characters in length and can contain letters, digits, hyphens (-), and underscores (_).
Description: The description of the IdP. The description is displayed on the SASE client as the logon title, so that users can identify the IdP when they log on to the SASE client.
App ID: The ID of the self-managed application in Lark.
App Secret: The secret of the self-managed application in Lark.
Event Subscription: After you configure event subscription, the organizational structure of users is synchronized to SASE. This keeps SASE security policies up to date when the organizational structure is adjusted or specific users resign. The following settings are involved:
  Encrypt Key: The encryption key that is used for event subscription. You can obtain the encryption key on the contacts synchronization page of the required application on Lark Developer.
  Verification Token: The verification token that is used for event subscription. You can obtain the verification token on the contacts synchronization page of the required application on Lark Developer.
  Request URL: The request URL that is used to configure subscription management on Lark Developer.
  The subscribed events include Department New, Department Deleted, Department Information Change, Employee Resignation, and Employee Information Change.
Redirect URL: The value is fixed as https://login.aliyuncsas.com/open-dev/feishu. This value is used to configure the redirect URL on Lark Developer.
IdP Configuration Status: Specifies whether to enable the IdP. Valid values:
  Enabled: If no IdP is enabled, you can enable the created IdP. If an IdP or IdP combination is enabled, you must disable that IdP or IdP combination on the IdP Management page before you can enable another IdP or IdP combination.
  Disabled: You can disable the created IdP and enable it later.
Note: If the Connection Failed message appears, check whether the specified information is valid.
After the connectivity test succeeds, click OK.
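The Encrypt Key and Verification Token configured above are what allow the event receiver at the Request URL to reject contact-sync callbacks that were not produced by the Lark application. The Go code below is an added illustration of that receiver-side check, not Alibaba Cloud or Lark code; it assumes Lark's documented callback format (AES-256-CBC with key SHA-256(Encrypt Key), the IV in the first block, PKCS#7 padding, and the token carried in the header of a v2-schema event), and the function names are the example's own.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
)

// decryptEvent opens a callback's "encrypt" field. Assumed Lark scheme: AES-256-CBC, key = SHA-256(Encrypt Key), IV = first block.
func decryptEvent(encryptKey, b64 string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil || len(raw) < 2*aes.BlockSize || len(raw)%aes.BlockSize != 0 {
		return nil, errors.New("malformed ciphertext")
	}
	key := sha256.Sum256([]byte(encryptKey))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key never fails
	cipher.NewCBCDecrypter(block, raw[:aes.BlockSize]).CryptBlocks(raw[aes.BlockSize:], raw[aes.BlockSize:])
	pt, n := raw[aes.BlockSize:], int(raw[len(raw)-1]) // strict PKCS#7 check: a wrong key is an error, not garbage
	if n < 1 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-n], nil
}

// encryptEvent mirrors decryptEvent and exists only to construct sample callbacks offline (a chosen IV is fine there, never for real traffic).
func encryptEvent(encryptKey string, plain, iv []byte) string {
	key := sha256.Sum256([]byte(encryptKey))
	block, _ := aes.NewCipher(key[:])
	n := aes.BlockSize - len(plain)%aes.BlockSize
	buf := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
	return base64.StdEncoding.EncodeToString(append(append([]byte{}, iv...), buf...))
}

// verifyEvent is the receiver's gate: decrypt, then require the token in the (v2 schema) event header to equal the app's Verification Token.
func verifyEvent(encryptKey, verificationToken, encrypted string) ([]byte, error) {
	var ev struct{ Header struct{ Token string } } // encoding/json matches "header" and "token" case-insensitively
	plain, err := decryptEvent(encryptKey, encrypted)
	if err != nil || json.Unmarshal(plain, &ev) != nil {
		return nil, errors.New("decryption failed or payload is not JSON")
	}
	if subtle.ConstantTimeCompare([]byte(ev.Header.Token), []byte(verificationToken)) != 1 {
		return nil, errors.New("verification token mismatch")
	}
	return plain, nil
}
```

A callback that fails either check should be dropped without being applied to the organizational structure, since an attacker who can reach the Request URL but lacks both secrets cannot produce one that passes.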
Disable a Lark IdP
On the IdP Management tab, find the Lark IdP that you want to manage and turn off the switch in the Status column.
View the information about a Lark IdP
On the IdP Management tab, find the Lark IdP that you want to manage and click Details in the Actions column.
Delete a Lark IdP
On the IdP Management tab, find the Lark IdP that you want to manage and click Delete in the Actions column.
Modify the information about a Lark IdP
On the IdP Management tab, find the Lark IdP that you want to manage and click Edit in the Actions column.
References
Configure a SASE IdP
If your enterprise does not use a third-party IdP, you can establish an organizational structure by using a custom IdP provided by SASE. For more information, see Configure a SASE IdP.
Connect a third-party IdP
If your enterprise uses one of the following IdPs to manage the organizational structure of the enterprise, you can connect the IdP to SASE: Lightweight Directory Access Protocol (LDAP), DingTalk, WeCom, Lark, and Identity as a Service (IDaaS).
Configure an IdP combination
If your enterprise wants to use multiple IdPs to manage its organizational structure, you can configure an IdP combination by using SASE. For more information, see Configure an IdP combination.
Configure a user group
For more information, see Configure a user group.