What is Unified Authentication
In daily work, have you ever encountered this problem?
Every application has its own independent username and password rules, with different password policies and update cycles, requiring you to remember a lot of account information.
Unified authentication is designed to solve this problem. Its core idea is: one set of username and password to log in to all enterprise application systems.
Limitations of Traditional Enterprise Schemes
In 2E (enterprise employee) scenarios, many enterprises implement unified authentication through the following methods:
| Scheme | Limitation |
|---|---|
| Self-built AD / LDAP | Only supports applications that can be transformed; SaaS applications are hard to connect |
| Self-built CAS Server | Requires applications to actively adapt; high transformation cost for commercial apps |
| Commercial products (IBM Tivoli, Oracle AM, etc.) | Expensive, complex integration |
The common flaw of these schemes is that applications must support transformation and development to adapt to the authentication service requirements. However, many commercial applications (especially SaaS applications) provide their own authentication APIs or support standard protocols and cannot be transformed for a specific enterprise's authentication service.
Core contradiction: Should applications adapt to the authentication service, or should the authentication service also adapt to applications? In real scenarios, both needs exist.
BambooCloud IDaaS Solution
BambooCloud IDaaS supports both IdP (Identity Provider) and SP (Service Provider) roles, flexibly adapting to various scenarios:
As IdP
BambooCloud IDaaS provides unified authentication services for downstream applications through standard protocols such as OIDC, OAuth 2.0, SAML, and CAS. Enterprises can use BambooCloud IDaaS as the identity center to connect various applications:
Alibaba Cloud, AWS, Azure, Jira, and others can all be connected through standard protocols.
As SP
BambooCloud IDaaS can also connect to third-party identity providers through standard protocols, reusing the enterprise's existing authentication system:
Azure AD, local Windows AD, and local CAS Server user passwords can be directly used for login.
Social Authentication Integration
In addition, BambooCloud IDaaS supports third-party social authentication login such as DingTalk, WeCom, Feishu, WeChat, and Alipay, automatically pulling user profiles into the user pool.
Rich Authentication Methods
BambooCloud IDaaS provides various authentication methods close to user habits:
| Scenario | Authentication Method |
|---|---|
| 2E office applications | Username/password, SMS code, DingTalk scan, WeCom scan |
| 2C consumer applications | WeChat scan, WeChat login, Alipay login |
Through unified authentication, enterprises can protect existing investments while smoothly accessing new applications, achieving true "one account, access everywhere".