Configure OAuth Authentication Source
To facilitate enterprise user authentication login, the IDaaS platform supports configuring the OAuth protocol as an authentication source. Users can authenticate and log in to various application systems through the OAuth protocol, bringing enterprise users a simpler and more convenient login method and better user experience.
This guide explains the related operations for configuring an OAuth authentication source.
Prerequisites
- Permissions for the third-party identity provider (IDP) application system, and the IDP supports OAuth authentication.
- Administrator permissions for the IDaaS Enterprise Center.
Procedure
Third-Party OAuth Authentication Platform Configuration
On the third-party platform, create an application with OAuth as the access method, and complete the application's basic information. For details, refer to the documentation of each platform.
Configure the application's callback URL. Obtain this from the callback address in the OAuth Authentication Source in the IDaaS Enterprise Center.

Grant users access to the newly created application.
Configure OAuth Authentication Source in IDaaS
Log in to the IDaaS Enterprise Center, choose Authentication > Authentication Source Management from the top navigation bar, enter the OAuth authentication source page, and click Add Authentication Source.

Configure the OAuth authentication source parameters as prompted. Key parameters are described below.

Parameter Description Authorization URL The enterprise application's authentication authorization address. Obtain from the enterprise application. Token URL The address for obtaining tokens. Obtain from the enterprise application. UserInfo URL The address for obtaining user information. Obtain from the enterprise application. Source Association Attribute The user attribute name returned after OAuth authentication succeeds. Must be consistent with the application system's attribute name. User Association Attribute The mapping attribute for the OAuth authentication source to connect with IDaaS. Such as username, selectable from the dropdown. When User Not Associated When the user successfully logs in using the OAuth authentication source but is not associated with a system user, operations can be performed according to this setting, such as auto-create user, selectable from the dropdown. TIP
When User Not Associated: When the source association attribute of the user information returned by the third-party platform does not match the associated user attribute in IDaaS, and no system user is associated, the optional configurations are as follows.
Fail: Set to Fail, meaning the user is not allowed to pass authentication.
Auto Create User: Set to Auto Create User. You can choose whether to update existing attributes, and click Add Mapping to map user attributes from the third-party platform to IDaaS user attributes based on mapping rules and associated attributes, and create the user so that the user can pass authentication.
Attribute descriptions are as follows:
- User Attribute Name: Select an IDaaS user attribute from the dropdown.
- Mapping Type: Select authentication source attribute.
- Authentication Source Attribute Name: Third-party platform user attribute.