Concepts
Enterprise Administrator
Enterprise administrators include the account administrator and users who have administrator permissions for OneAccess. Enterprise administrators manage users, user groups, organizations, applications, and APIs in the administrator portal.
Super Administrator
The account administrator can create super administrators in the administrator portal to manage all organizations, users, and applications in your enterprise. Super administrators belong to the super administrator group, which has full access to the administrator portal.
Common Administrator
The account administrator or super administrators can create common administrators in the administrator portal to manage specific organizations, users, and applications in your enterprise. Common administrators do not belong to any group or belong to a common administrator group that only has permissions for specific menus of the administrator portal.
System Administrator
System administrators are created by Huawei Cloud master accounts in Identity and Access Management (IAM). They can access the organizations, users, and applications menus in the administrator portal but cannot create administrators. System administrators do not belong to any management group.
User
Users include employees, partners, and customers who use enterprise applications. They can log in to the user portal to access applications.
Application
Applications are third-party systems that you can manage and authorize access in OneAccess. There are pre-integrated and custom applications.
- Pre-integrated applications: Pre-integrated with OneAccess using development interfaces or protocols. You can use these applications only after purchasing them and completing basic configurations.
- Custom applications: In-house developed applications or software and commercial applications that are not included in the pre-integrated application list. To use custom applications, integrate them using supported authentication protocols and synchronization methods.
Identity Source
OneAccess allows you to import user and organization information from different systems and aggregate the information into a complete user directory for unified management. These systems are called identity sources. For example, AD, WeCom, DingTalk, Lark, XinRenXinShi, Beisen, MCHR, SAP SuccessFactors, Weaver e-cology9.0, and LDAP.
Authentication Provider
Users can log in to OneAccess using accounts and passwords of third-party systems. You can use CAS, SAML 2.0, OAuth 2.0, and OIDC, or add authentication providers, such as WeChat, Weibo, DingTalk, and WeCom.
SSO
SSO is an authentication scheme that allows users to log in with a single account and password to any applications that the users have been authorized to access, from the user portal. For example, after you add Huawei Cloud in the administrator portal and authorize access to a user, the user can log in to the user portal and access Huawei Cloud without entering their account and password again.
Open API Platform (OAP)
OAP is an open API provided by OneAccess for third-party developers to customize functions, such as management of organizations, users, and applications.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
