Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Adding an Application

Updated on 2024-12-30 GMT+08:00

OneAccess provides pre-integrated applications that you can use out-of-the-box. You can also add custom applications.

Adding a Custom Application

Custom applications are applications developed by your enterprise or any software as a service (SaaS) or commercial applications not included in the pre-integrated application list.

  1. Log in to the administrator portal.
  2. On the top navigation bar, choose Resources > Applications.
  3. On the Applications page, click Add Custom Application.
  4. Enter an application name and its logo, and click Save.
  5. Configure the parameters required so that the application can be accessed by users. For details, see Applications.

Adding a Pre-integrated Application

OneAccess has pre-integrated some applications based on their development APIs and protocols.

  1. Log in to the administrator portal.
  2. On the top navigation bar, choose Resources > Applications.
  3. On the Applications page, click Add Pre-integrated Application.
  4. Click the pre-integrated application you want to add.
  5. On the Add Application page, edit the general information, set the application name, and click Next.
  6. Set the authentication parameters. The authentication integration mode and authentication parameters vary depending on the application.

    SAML is used for illustration. You can upload the metadata file or manually edit metadata on the OneAccess console.
    • Upload a metadata file
      1. In the Authentication Parameters step, click Import SP Metadata.
      2. Click Select File and select the metadata file you have obtained from the application service provider (SP).
        NOTE:
        • If a message indicating incorrect file type is displayed, upload the correct metadata file or edit the metadata manually.
        • For details about how to obtain the metadata, see the documentation of the application.
      3. When the Select File button changes to , the metadata is extracted. Then click Next.
    • Edit metadata
      1. In the Authentication Parameters step, click Configure Metadata.
      2. Set the parameters listed in the following table according to the metadata file you have obtained.

    Table 1 Authentication parameters

    Parameter

    Description

    * SP Entity ID

    Unique identifier of an SP. Enter the value of Entity ID displayed in the SP metadata file.

    * ACS URL

    SP callback URL that receives a response when OneAccess authentication is successful. Enter the value of AssertionConsumerService displayed in the SP metadata file.

    * Name ID

    Select a user attribute or account attribute. The attribute value will be used as the subject of the assertion.

    NameID Format

    Username format supported by the SP. Enter the value of NameIDFormat displayed in the SP metadata file.

    Audience URI

    Audience for which the SAML assertion is intended. By default, this field is the same as SP Entity ID.

    Single Logout URL

    URL to which users will be redirected after logging out of their sessions. Enter the value of SingleLogoutService displayed in the SP metadata file. The SingleLogoutService parameter in the metadata file must support HTTP Redirect or HTTP POST.

    Relay State

    Default URL to which users will be redirected after successful login.

    Response Signature

    This option indicates whether to sign SAML responses using the IdP's certificate.

    Assertion Signature

    This option indicates whether to sign assertions using the IdP's certificate. Enter the value of WantAssertionsSigned displayed in the SP metadata file.

    Digital Signature Algorithm

    Algorithm of SAML response or assertion signature. RSA_SHA256, RSA_SHA512, and RSA_RIPEMD160 are supported. You can select a value from the drop-down list box.

    Digital Digest Algorithm

    Algorithm used to create digests for SAML responses or assertions. SHA256, SHA512, and RIPEMD160 are supported. You can select a value from the drop-down list box.

    Assertion Encryption

    This option indicates whether to encrypt assertions.

    Request Signature Validation

    This option indicates whether to sign SAML requests. Enter the AuthnRequestsSigned value in the SP metadata file.

    * Signature Certificate Validation

    SP public key certificate, which is used to verify SAML request signatures. Enter the value of use="signing" displayed in the SP metadata file.

  7. Configure the synchronization parameters. The synchronization modes and parameters of different applications may be different.

    Coremail is used as an example to describe how to set synchronization integration parameters.
    1. Set authentication parameters and click Next.
    2. On the synchronization configuration page, set parameters and click Test to test whether the configuration is correct. After the configuration is complete, click Next. For details about how to configure other menus, see Applications.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback