Application Integration Overview
The BambooCloud IDaaS platform provides comprehensive application integration capabilities, helping enterprises unify various application systems into an identity management platform to achieve single sign-on, account synchronization, and permission control. Through application integration, employees only need one set of account credentials to access all authorized applications, greatly improving office efficiency and security.
Application Integration Types
The IDaaS platform supports two application integration methods:
- Pre-integrated Applications: The platform has pre-built integration templates for many common applications (such as DingTalk, WeCom, Feishu, SAP, Beisen, etc.). Administrators only need to modify some parameters to quickly enable them.
- Self-built Applications: For enterprise self-developed systems or applications not pre-built on the platform, administrators can create application integrations through standard protocols (SAML, OIDC, OAuth, CAS, etc.).
Single Sign-On (SSO)
Single Sign-On (SSO) allows users to access multiple application systems with one set of authentication credentials. After configuration, employees can access all authorized applications without re-entering account passwords after logging in to the IDaaS user center.
The IDaaS platform supports SSO integration through the following standard protocols:
- OpenID Connect (OIDC): The preferred authentication protocol for modern applications, based on OAuth 2.0 extension, suitable for Web and mobile applications.
- SAML 2.0: A widely supported standard protocol for enterprise applications, suitable for traditional Web applications and enterprise software.
- OAuth 2.0: An authorization framework suitable for third-party application access and API authorization scenarios.
- CAS (Central Authentication Service): A single sign-on protocol commonly used in universities and enterprises.
- WS-Federation: A federated identity authentication protocol commonly used in the Microsoft ecosystem.
Data Synchronization
IDaaS supports synchronizing user and organization data within the platform to downstream applications, enabling automated account lifecycle management:
- Account Provisioning: When employees join, transfer, or leave, automatically create, update, or delete corresponding accounts in target applications.
- Attribute Mapping: Supports mapping IDaaS user attributes (name, email, mobile number, department, etc.) to application system account attributes.
- LDAP Synchronization: Synchronizes user organization data to LDAP directories or AD domains through the LDAP protocol.
How to Add an Application
Administrators can add applications to the IDaaS platform in the following ways:
- Add from Pre-integrated Application Library: Search for the target application in the application market, select the corresponding template, and complete parameter configuration according to the guidance.
- Self-built Application: Select the corresponding standard protocol (SAML/OIDC/OAuth/CAS/WS-Federation), fill in the application basic information and protocol parameters, and complete the integration configuration.
- Bookmark Application: For applications that only need quick access without SSO, you can create bookmark applications displayed as quick entries in the user center.
After the application is added, administrators can assign it to specified users or user groups. Authorized users can then see and access the application in the user center.