Help Center/ Meeting/ FAQs/ Client Service Usage Problems/ How Do I Configure SSO Login for My Enterprise?
Updated on 2024-01-23 GMT+08:00

How Do I Configure SSO Login for My Enterprise?

  • Configuration on the Huawei Cloud Meeting Management Platform

    After enterprise-owned authentication takes effect, internal accounts of your enterprise will be used to log in to the mobile app, desktop client, and Management Platform. Ensure that you have tested the enterprise-owned authentication on the configuration page. (It is recommended that you connect the enterprise-owned authentication to Huawei Cloud Meeting in a test enterprise first. After the connection is successful, configure enterprise-owned authentication in your enterprise.) Save the configuration only after the verification is successful.

    Before the connection, ensure that all parameters have been configured. Otherwise, the login fails.

    1. On the Huawei Cloud Meeting website, click Console, enter the Huawei Cloud account and password, and click Access Management Platform to go to the Huawei Cloud Meeting Management Platform.
    2. In the navigation pane, choose Advanced Settings > Openness.
    3. Click the SSO Login tab.
    4. Set SSO Login to Enabled.

      Parameter description:

      Parameter

      Description

      Basic Settings

      Enterprise Domain Name

      Domain name configured by your enterprise. Enter the domain name when logging in to the app.

      Token URL

      URL for obtaining a token. Huawei Cloud Meeting uses the temporary code generated during enterprise authentication to obtain the token for accessing enterprise user information.

      Authorization Center URL

      URL of the enterprise authentication center. After you enter the enterprise domain name in the Huawei Cloud Meeting app, you will be redirected to the page specified by this parameter. You can enter your account and password or scan the QR code on the page.

      User Info Query URL

      URL for querying user information. Huawei Cloud Meeting obtains user information (such as the name and contact information) using this URL.

      App ID

      App ID used to identify Huawei Cloud Meeting. Obtain the app ID from the enterprise authentication platform.

      • Scheme for Starting PC Client
      • Scheme for Starting Android App
      • Scheme for Starting iOS App

      Scheme URL for starting the app after the authentication is successful.

      Mappings

      Third-Party Account Field Name

      Account field in the authentication API.

      Third-Party Access Token Field Name

      Token field in the API for obtaining a token.

      • Third-Party Name Field Name
      • Third-Party Email Address Field Name
      • Third-Party Mobile Number Field Name

      Mapping between fields in the enterprise user information API and Huawei Cloud Meeting user information.

  • Configuration on your enterprise authentication platform (example: WeChat authentication)
    1. Apply for an app ID and key on the WeChat Open Platform.

    2. Request code to obtain the URL of the authentication center.

      Before using a third-party website application for login authorization, ensure that you have obtained the authorization scope (scope = snsapi_login) of the corresponding web page. If the authorization scope has been obtained, you can access the following link on the PC:

      https://open.weixin.qq.com/connect/qrconnect?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect

      If the system displays a message indicating that the link cannot be accessed, check whether parameters are incorrect. For example, the domain name specified by redirect_uri is inconsistent with the authorized domain name entered during the review or the value of scope is not snsapi_login.

    3. Use code to obtain access_token (Token URL).

      https://api.weixin.qq.com/sns/oauth2/acess_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code

    4. Use access_token to call the APIs (User Info Query URL).

      Prerequisites:

      • access_token is valid.
      • The WeChat user has authorized the corresponding scopes of APIs to the third-party application account.

      The following APIs can be called.

      Authorization Scope

      API

      Description

      snsapi_base

      /sns/oauth2/access_token

      Obtain access_token, refresh_token, and authorized scopes using code.

      snsapi_base

      /sns/oauth2/refresh_token

      Refresh or renew access_token.

      snsapi_base

      /sns/auth

      Check the validity of access_token.

      snsapi_userinfo

      /sns/userinfo

      Obtain user information.