Skip to content

What is Unified Authentication

In daily work, have you ever encountered this problem?

Every application has its own independent username and password rules, with different password policies and update cycles, requiring you to remember a lot of account information.

Unified authentication is designed to solve this problem. Its core idea is: one set of username and password to log in to all enterprise application systems.

Limitations of Traditional Enterprise Schemes

In 2E (enterprise employee) scenarios, many enterprises implement unified authentication through the following methods:

SchemeLimitation
Self-built AD / LDAPOnly supports applications that can be transformed; SaaS applications are hard to connect
Self-built CAS ServerRequires applications to actively adapt; high transformation cost for commercial apps
Commercial products (IBM Tivoli, Oracle AM, etc.)Expensive, complex integration

The common flaw of these schemes is that applications must support transformation and development to adapt to the authentication service requirements. However, many commercial applications (especially SaaS applications) provide their own authentication APIs or support standard protocols and cannot be transformed for a specific enterprise's authentication service.

Core contradiction: Should applications adapt to the authentication service, or should the authentication service also adapt to applications? In real scenarios, both needs exist.

BambooCloud IDaaS Solution

BambooCloud IDaaS supports both IdP (Identity Provider) and SP (Service Provider) roles, flexibly adapting to various scenarios:

As IdP

BambooCloud IDaaS provides unified authentication services for downstream applications through standard protocols such as OIDC, OAuth 2.0, SAML, and CAS. Enterprises can use BambooCloud IDaaS as the identity center to connect various applications:

Alibaba Cloud, AWS, Azure, Jira, and others can all be connected through standard protocols.

As SP

BambooCloud IDaaS can also connect to third-party identity providers through standard protocols, reusing the enterprise's existing authentication system:

Azure AD, local Windows AD, and local CAS Server user passwords can be directly used for login.

Social Authentication Integration

In addition, BambooCloud IDaaS supports third-party social authentication login such as DingTalk, WeCom, Feishu, WeChat, and Alipay, automatically pulling user profiles into the user pool.

Rich Authentication Methods

BambooCloud IDaaS provides various authentication methods close to user habits:

ScenarioAuthentication Method
2E office applicationsUsername/password, SMS code, DingTalk scan, WeCom scan
2C consumer applicationsWeChat scan, WeChat login, Alipay login

Through unified authentication, enterprises can protect existing investments while smoothly accessing new applications, achieving true "one account, access everywhere".

BambooCloud IDaaS Open Platform