(Common User) Logging In to the User Portal and Accessing Applications

Preparations

1. Register with Huawei Cloud and complete real-name authentication.
   If you already have one, skip this step. If you do not have one, do as follows:

   1. Log in to the Huawei Cloud official website, and click Register.
   2. Sign up for a HUAWEI ID. For details, see Signing up for a HUAWEI ID and Enabling Huawei Cloud Services.

      After your ID is created, the system redirects you to your personal information page.

   3. Complete real-name authentication. For details, see Individual Real-Name Authentication.
      

      Real-name authentication is required only when you buy or use resources in the Chinese mainland.

2. Top up your account.

   Ensure enough balance in your account.

   • For details about the prices of OneAccess, see "OneAccess Pricing Details".
   • For details about top-up, see Top-Up and Repayment.
3. Grant permissions.

   Before creating a OneAccess instance and its dependencies, you need to obtain specific permissions. For details, see Permissions Management.

Buying an Instance

1. Go to the page for buying OneAccess.
2. Configure the parameter on the page for buying OneAccess page.
   1. Select a region from the Region drop-down list.
   2. Select an instance specification. Currently, the basic, professional, and enterprise editions are supported. Basic edition is selected as an example here.
   3. Set Number of Users to 100.
   4. Set Required Duration. Auto-renew is selected by default.
   5. Set Number of Instances to an integer ranging from 1 to 100. Select 1 here.

3. Click Next: Confirm.
4. Select I have read and accepted <OneAccess Service Statement> and click Pay.

(Administrator) Logging to the Administrator Portal

1. Log in to the Huawei Cloud console.
2. Choose Service List > Management & Governance > OneAccess.
3. Click the OneAccess instance to be accessed.
4. Click the name of the instance to be accessed to go to the OneAccess instance administrator portal.

   

   If you do not have permission to access the OneAccess instance, you need to access the OneAccess administrator portal as an IAM user and request access permission for the instance. For details, see Creating an Authorization.

(Administrator) Adding Organizations

Organizations are used to manage enterprise employees. Each organization may represent a company or department and contains all employees in the company or department. As the root node, the top-level organization can have multiple sub-organizations and users. You can also add multiple levels of organizations and users under sub-organizations to manage employees of your enterprise.

1. Log in to the administrator portal.
2. In the top navigation pane, choose Users > Organizations and Users.
3. Click in the lower left corner.
4. On the Create Organization page, specify organization parameters and click OK.

   Table 1 Organization information

   Parameter	Description
   Organization Type	Type of an organization. The options are Department, Unit, Company, and Group.
   Organization Code	Unique ID of the organization.
   Organization Name	Organization name. Organizations at the same level must have different names.
   Sequence	Position of the organization under the parent organization.
   Parent Organization	Parent organization of the organization to be created. Leave this field blank when creating a top-level organization.

5. Click OK.

(Administrator) Adding Users

On the OneAccess administrator portal, you can create an organization for one user or create a user that belongs to multiple organizations. As an administrator, you can add users in the administrator portal. Users then use their own accounts to access specific applications.

If the created user belongs to multiple organizations, for example, organization A has the permission to access application C, organization B to application D, and the user has the permissions of both organizations A and B, the user can access applications C and D at the same time after logging in to the user center.

1. Log in to the administrator portal.
2. In the top navigation pane, choose Users > Organizations and Users.
3. On the Organizations and Users page, click the Users tab.
4. Click Add User and set basic user information by referring to Table 2.

   Table 2 Basic information

   Parameter	Description
   Username	You can determine whether this is mandatory by referring to Modifying User Attributes. If the default username is used, the system automatically generates a username. You can set the character and length requirements of the username in Modifying User Attributes. The username of the user cannot be the same as those of other users. The username is case insensitive.
   Organization	You can specify an organization to which the user to be added belongs. You can select one or more organizations. By default, the first selected organization is the primary organization. For details about how to add an organization, see (Administrator) Adding Organizations. NOTE: If you select an organization in the organization tree on the left and then click Create User, the selected organization is the primary organization by default. A user can have up to one primary and nine secondary organizations. You can click on the right of the target username and select Change Organization. In the displayed dialog box, adjust the primary/secondary organization.
   Name	You can set whether the attribute is mandatory and the length of it by referring to Modifying User Attributes.
   Cell phone number	You can set whether the attribute is mandatory and the length of it by referring to Modifying User Attributes. This must be unique.
   Email	You can set whether the attribute is mandatory and the length of it by referring to Modifying User Attributes. This must be unique.
   area	Select the user's country or region. You can set whether the attribute is mandatory by referring to Modifying User Attributes.
   city	Enter the city where the user is located. You can set whether the attribute is mandatory and the length of it by referring to Modifying User Attributes.

   

   • The user can log in to the user portal using their username, mobile number, or email address.
   • If you manage the user's password, a password link will be sent to the email address or mobile number of the user.
   • If the user forgets the password, the user can reset it using the bound email address or mobile number.
   • Set a password for the user so that the user can log in to the user portal if no login authentication mode is enabled.

5. Click to enable password login. There are two login modes. Select Set now.
   • You can customize the user login password when selecting Set now.
     • If you select Rest password at first login, you need to change the login password when you log in to the user portal for the first time.
     • If you do not select Rest password at first login, you do not need to change the password for your first login.
   • Automatically generated: A password is automatically generated. The system notifies the user of the initial password and the user must log in to the system within the validity period. If the password initialization function is not enabled, configure it by referring to Password Initialization Settings.

6. Click OK.

(Administrator) Adding Applications and Authorizing Access

The following procedure describes how to add an application using SAML. For details about how to add applications using other protocols, see Application Integration.

1. Log in to the administrator portal.
2. In the top navigation pane, choose Resources > Applications.
3. On the Pre-integrated Applications page, click Add Pre-integrated Application.
4. On the Add Pre-integrated Application page, select the application you want to add.
5. On the Add Application page, set the basic information.

   Table 3 General information

   Parameter	Description
   Logo	Upload a logo image of the application that does not exceed 50 KB.
   Name	Name of the application. This field is required.
   Authentication Method	Authentication mode of the application. This field cannot be changed.
   Synchronization Method	Synchronization mode of the application. This field cannot be changed.

6. Click Next and import the metadata of the application.
   

   • You can import or enter the metadata of a pre-integrated application. To ensure accuracy of the metadata, you are advised to import the metadata file.
   • The metadata needs to be obtained from the enterprise application.

7. After the configuration is complete, click Next.
8. Click an application. The Application Information page is displayed.
9. On the displayed page, click next to Application Organization in the Object Models area. In the displayed dialog box, click OK.
10. On the Application Information page, click Authorize next to Application Organizations in the Authorization area.
11. Click Authorization Policy.
12. Click to enable Automatic Organization Authorization and select Custom.
13. Select the desired organizations, click Save, and then click Add.
14. In the navigation pane, choose Authorization > Application Accounts.
15. Click add Accounts.
16. Select the users in (Administrator) Adding Users, authorize them to access the application, and click Save.
    

    After authorization, accounts are automatically created for the users to access the application.

(Common User) Logging In to the User Portal and Accessing Applications

To log in to the user portal and access applications, do as follows:

1. Obtain the user portal domain name from the administrator.
   

   A user access domain name is automatically generated after the administrator purchases a OneAccess instance. The domain name is displayed on the instance details page of the OneAccess console. For or example, example.huaweioneaccess.com.

2. Visit the user access domain name.
3. Enter the username and password and click Log In.
4. Click the application added in (Administrator) Adding Applications and Authorizing Access to access it.