Enterprise Administrator

Enterprise administrators include the account administrator and users who have administrator permissions for OneAccess. Enterprise administrators manage users, user groups, organizations, applications, and APIs in the administrator portal.

Super Administrator

The account administrator can create super administrators in the administrator portal to manage all organizations, users, and applications in your enterprise. Super administrators belong to the super administrator group, which has full access to the administrator portal.

Common Administrator

The account administrator or super administrators can create common administrators to manage specific organizations, users, and applications. Common administrators do not belong to any group or belong to a common administrator group that only has permissions for specific menus of the administrator portal.

User

Users include employees, partners, and customers. They can log in to the user portal to access applications.

Application

Applications are third-party systems that you can manage and authorize access in OneAccess. There are pre-integrated and custom applications.

Pre-integrated applications: Pre-integrated with OneAccess using development interfaces or protocols. You can use these applications only after purchasing them and completing basic configurations. For example, HUAWEI CLOUD and Tencent Cloud.

Custom applications: In-house developed applications or software and commercial applications that are not included in the pre-integrated application list. To use custom applications, integrate them using supported authentication protocols and synchronization methods.

Identity Source

OneAccess allows you to import user and organization information from different systems and aggregate the information into a complete user directory for unified management. These systems are called identity sources. For example, WeCom, DingTalk, AD, and LDAP.

Authentication Provider

Users can log in to OneAccess using accounts and passwords of third-party systems. You can add individual and enterprise (internal and external) authentication providers, such as WeChat, Weibo, DingTalk, WeCom, CAS, SAML 2.0, OAuth 2.0, and OIDC.

SSO

SSO is an authentication scheme that allows users to log in with a single account and password to any applications that the users have been authorized to access, from the user portal. For example, after you add HUAWEI CLOUD in the administrator portal and authorize access to a user, the user can log in to the user portal and access HUAWEI CLOUD without entering their account and password again.