Skip to content

Configure OAuth Authentication Source

To facilitate enterprise user authentication login, the IDaaS platform supports configuring the OAuth protocol as an authentication source. Users can authenticate and log in to various application systems through the OAuth protocol, bringing enterprise users a simpler and more convenient login method and better user experience.

This guide explains the related operations for configuring an OAuth authentication source.

Prerequisites

  • Permissions for the third-party identity provider (IDP) application system, and the IDP supports OAuth authentication.
  • Administrator permissions for the IDaaS Enterprise Center.

Procedure

Third-Party OAuth Authentication Platform Configuration

  1. On the third-party platform, create an application with OAuth as the access method, and complete the application's basic information. For details, refer to the documentation of each platform.

  2. Configure the application's callback URL. Obtain this from the callback address in the OAuth Authentication Source in the IDaaS Enterprise Center.

    Steps

  3. Grant users access to the newly created application.

Configure OAuth Authentication Source in IDaaS

  1. Log in to the IDaaS Enterprise Center, choose Authentication > Authentication Source Management from the top navigation bar, enter the OAuth authentication source page, and click Add Authentication Source.

    Steps

  2. Configure the OAuth authentication source parameters as prompted. Key parameters are described below.

    Steps

    ParameterDescription
    Authorization URLThe enterprise application's authentication authorization address. Obtain from the enterprise application.
    Token URLThe address for obtaining tokens. Obtain from the enterprise application.
    UserInfo URLThe address for obtaining user information. Obtain from the enterprise application.
    Source Association AttributeThe user attribute name returned after OAuth authentication succeeds. Must be consistent with the application system's attribute name.
    User Association AttributeThe mapping attribute for the OAuth authentication source to connect with IDaaS. Such as username, selectable from the dropdown.
    When User Not AssociatedWhen the user successfully logs in using the OAuth authentication source but is not associated with a system user, operations can be performed according to this setting, such as auto-create user, selectable from the dropdown.

    TIP

    When User Not Associated: When the source association attribute of the user information returned by the third-party platform does not match the associated user attribute in IDaaS, and no system user is associated, the optional configurations are as follows.

    • Fail: Set to Fail, meaning the user is not allowed to pass authentication.

    • Auto Create User: Set to Auto Create User. You can choose whether to update existing attributes, and click Add Mapping to map user attributes from the third-party platform to IDaaS user attributes based on mapping rules and associated attributes, and create the user so that the user can pass authentication.

      Attribute descriptions are as follows:

      • User Attribute Name: Select an IDaaS user attribute from the dropdown.
      • Mapping Type: Select authentication source attribute.
      • Authentication Source Attribute Name: Third-party platform user attribute.

BambooCloud IDaaS Open Platform