How Do I Configure SSO Login for My Enterprise?

After enterprise-owned authentication takes effect, internal accounts of your enterprise will be used to log in to the mobile app, desktop client, and Management Platform. Ensure that you have tested the enterprise-owned authentication on the configuration page. (It is recommended that you connect the enterprise-owned authentication to Huawei Cloud Meeting in a test enterprise first. After the connection is successful, configure enterprise-owned authentication in your enterprise.) Save the configuration only after the verification is successful.

Before the connection, ensure that all parameters have been configured. Otherwise, the login fails.

1. On the Huawei Cloud Meeting website, click Console, enter the Huawei Cloud account and password, and click Access Management Platform to go to the Huawei Cloud Meeting Management Platform.
2. In the navigation pane, choose Advanced Settings > Openness.
3. Click the SSO Login tab.
4. Set SSO Login to Enabled.

   Parameter description:

   Parameter	Description
   Basic Settings
   Enterprise Domain Name	Domain name configured by your enterprise. Enter the domain name when logging in to the app.
   Token URL	URL for obtaining a token. Huawei Cloud Meeting uses the temporary code generated during enterprise authentication to obtain the token for accessing enterprise user information.
   Authorization Center URL	URL of the enterprise authentication center. After you enter the enterprise domain name in the Huawei Cloud Meeting app, you will be redirected to the page specified by this parameter. You can enter your account and password or scan the QR code on the page.
   User Info Query URL	URL for querying user information. Huawei Cloud Meeting obtains user information (such as the name and contact information) using this URL.
   App ID	App ID used to identify Huawei Cloud Meeting. Obtain the app ID from the enterprise authentication platform.
   Scheme for Starting PC Client Scheme for Starting Android App Scheme for Starting iOS App	Scheme URL for starting the app after the authentication is successful.
   Mappings
   Third-Party Account Field Name	Account field in the authentication API.
   Third-Party Access Token Field Name	Token field in the API for obtaining a token.
   Third-Party Name Field Name Third-Party Email Address Field Name Third-Party Mobile Number Field Name	Mapping between fields in the enterprise user information API and Huawei Cloud Meeting user information.

1. Apply for an app ID and key on the WeChat Open Platform.

2. Request code to obtain the URL of the authentication center.

   Before using a third-party website application for login authorization, ensure that you have obtained the authorization scope (scope = snsapi_login) of the corresponding web page. If the authorization scope has been obtained, you can access the following link on the PC:

   https://open.weixin.qq.com/connect/qrconnect?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect

   If the system displays a message indicating that the link cannot be accessed, check whether parameters are incorrect. For example, the domain name specified by redirect_uri is inconsistent with the authorized domain name entered during the review or the value of scope is not snsapi_login.

3. Use code to obtain access_token (Token URL).

   https://api.weixin.qq.com/sns/oauth2/acess_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code

4. Use access_token to call the APIs (User Info Query URL).

   Prerequisites:

   • access_token is valid.
   • The WeChat user has authorized the corresponding scopes of APIs to the third-party application account.

   The following APIs can be called.

   Authorization Scope	API	Description
   snsapi_base	/sns/oauth2/access_token	Obtain access_token, refresh_token, and authorized scopes using code.
   snsapi_base	/sns/oauth2/refresh_token	Refresh or renew access_token.
   snsapi_base	/sns/auth	Check the validity of access_token.
   snsapi_userinfo	/sns/userinfo	Obtain user information.