Bu sayfa henüz yerel dilinizde mevcut değildir. Daha fazla dil seçeneği eklemek için yoğun bir şekilde çalışıyoruz. Desteğiniz için teşekkür ederiz.
- Product Bulletin
- Function Overview
- Service Overview
- Getting Started
-
User Guide (End Users)
- Getting to Know Workspace
- Introduction to Terminals
- Logging In to a Desktop Using an SC
- Logging In to a Desktop Using a TC
- Logging In to a Desktop Using a Mobile Terminal (Android)
- Desktop Assistant
- Changing the Login Password
- Forbidden Operations
- Configuring Dual-Screen Display
- Common Function Configuration
- Change History
-
User Guide (Administrators)
- Overview
-
Desktops
- Managing Desktops
- Collaborative Desktops
- Assigning Desktops
- Unbinding a User
- Viewing Desktops That Fail to Be Created
- Modifying Specifications
- Recomposing a System Disk
- Adding a Disk
- Expanding the Disk Capacity
- Deleting a Disk
- Managing Tags
- Converting a Desktop to an Image
- Configuring a Desktop Network
- Changing the Desktop Billing Mode
- Renewing a Yearly/Monthly-Billed Desktop
- Unsubscribing from a Desktop
-
Desktop Pools
- Managing Desktop Pools
- Viewing Desktops That Fail to Be Created in the Desktop Pool
- Modifying Specifications
- Adding a Desktop to a Desktop Pool
- Recomposing a System Disk
- Adding Disks
- Expanding the Disk Capacity
- Deleting Disks
- Creating an Image
- Adding Users or User Groups
- Removing Users or User Groups
- Renewing a Yearly/Monthly-Billed Desktop Pool
- Unsubscribing from a Desktop Pool
- Users
- User Groups
- Policy Management
- OU Management
-
Tenant Configuration
-
Basic Configuration
- Configuring an AD Domain
- Configuring AD Domain Certificate Authentication
- Changing the Domain Administrator Password
- Modifying Domain Configurations
- Changing the Internet Access Mode
- Changing the Service Subnet
- Canceling a Service
- Reactivating a Service
- Configuring Whether to Block Notification Emails for Desktop Unsubscription or Deletion
- Multiple VPCs for Workspace
- VPC Sharing for Workspace
- Enabling NAT Mapping for Direct Connect
- Configuring User Log Collection
- Upgrading Client and VM Components and Rotating Authentication Credentials
- Other
- Authentication Configuration
- Other
-
Basic Configuration
- Internet Access Management
- Monitoring and Analysis
- Tasks
- O&M
- Application Center
- Private Images
- Permission Management
- Data Backup and Restoration
- Common Function Configuration
- Monitoring
- Subscribing to an Event
- Change History
- Best Practices
-
FAQs
-
FAQs for Administrators
- What Are the Features and Advantages of Workspace?
- How Is Workspace Charged?
- How Do I Check My Quotas?
- How Do I Increase My Quotas?
- How Do I Add a Disk?
- How Do I Connect the Desktop to a Local Printer?
- How Do I Connect the Desktop to a Network Printer?
- How Do I Do If the Desktop Fails to Connect to the AD?
- Can I Change the User Authentication Mode of the Desktop?
- How do I Enable LDAPS on the AD Server?
- How do I Export the Root Certificate of an LDAPS-enabled AD server?
- What If I Fail to Purchase a Desktop?
- How Do I Do If the Functions of Purchasing a Desktop, Creating a User, Creating a Policy, and Enabling the Internet are Unavailable?
- Can I Use Private Images to Purchase Desktops?
- How Many Private Images Can Be Created on Workspace at Most?
- What Are the Network Requirements for Logging In to Desktops?
- How Do I Do If My Desktop Cannot Access the Internet?
- How Do I Configure Workspace to Access the Internet?
- How Do I Configure Workspace to Access the Enterprise Intranet?
- How Do I Enable the Internet on Other Cloud Service Pages?
- How Do I Copy Files Between a Desktop and a Local Storage Device?
- What If I Lost the Administrator Password?
- How Does an Administrator Unlock an End User Account?
- How Do I Do If an End User Fails to Log In to a Desktop?
- How Do I Back Up and Restore a Desktop?
- How Do I Do If a Message Is Displayed Indicating Duplicate Policy Names During Policy Import?
- How Do I Do If a User Cannot Be Bound to a Client Using the Dynamic Verification Code of the Previously Bound MFA Device?
- How Do I Do If the Message "Insufficient permissions for the IAM account. Security Administrator permissions required." Is Displayed When I Enable an Agency?
- How Do I Do If a User Does Not Receive an Email for Creating a Desktop or Assigning a User?
- How Do I Add Resources to or Remove Resources from an Enterprise Project After Purchasing Workspace?
- Why Can't I Start a Pay-per-Use Cloud Desktop?
- How Do I Enable IPv6 on Workspace?
- How Do I Enable RDP on Workspace?
- How Do I Configure Security Group Rules When Using a Custom Security Group?
-
FAQs for End Users
-
Desktop Usage Issues
- How Do I Do If the Desktop Freezes?
- How Do I Do If the Disk Space Is Insufficient?
- How Do I Enter the CLI Mode?
- How Do I Do If My Desktop Cannot Connect to the Internet?
- Do Cloud Desktops Support Personalized Settings?
- How Do I Take a Screenshot?
- How Do I Do If the Printer Cannot Be Used?
- What If I Can't Use Network Printers on Workspace?
- How Do I Download the Software?
- How Do I Do If Data Disks of a Windows Desktop Cannot Be Found After Recomposing the System Disk?
- What Do I Do If I Cannot Copy Files Between a Desktop and a Local Storage Device?
- How Do I Do If the Desktop Screen Cannot Be Adapted?
- How Do I Do If I Cannot Receive an Email for Creating a Desktop or Assigning a User?
- How Do I Manually Configure Time Synchronization on a Windows Desktop?
-
Login Issues
- How Do I Do If I Forget the Password?
- What If the Account Is Locked?
- What Devices Can Be Used to Log In to a Desktop?
- What If I Fail to Log in to a Desktop?
- How Do I Do If I Cannot Pass Multi-Factor Authentication?
- How Do I Do If the System Displays a Message Indicating that the Login Fails Due to Policy Restrictions?
- Terminal Binding Problems
-
OS Issues
- Can I Update the Desktop OS?
- What OSs Can Run on Workspace?
- Which Software Cannot Be Uninstalled?
- Which Files Cannot Be Deleted?
- Which Software Cannot Be Upgraded?
- Which Ports Cannot Be Deleted?
- Which Commands Cannot Be Executed?
- How Do I Query the System Information?
- Is There Any Help Document for OSs?
-
Desktop Usage Issues
- Change History
-
FAQs for Administrators
- SDK Reference
-
API Reference
- Before You Start
- Overview
- Calling APIs
-
Workspace APIs
- Huawei Cloud Workspace
-
Desktop
- Creates a desktop.
- Queries desktops.
- Deletes one desktop.
- Queries details about one desktop.
- Deletes desktops in batches.
- Deregistering Desktops in Batches
- Queries the desktop details list.
- Performs operations on the desktop.
- Modifies specifications.
- Rebuild a Desktop
- Query the Desktop Network
- Switching a Desktop Network
- Desktop Statistics
- User
- User Group
- Disk
- Connection information
- Access policy
- Product Packages
- Authentication configuration
- Quota
- Image
- AZ
- Desktop Tag
- Task.
- Network
-
Binds a terminal to a desktop.
- Queries the configuration of the switch for binding a terminal to a desktop.
- Configures the switch for binding a terminal to a desktop.
- Queries terminal-desktop binding configurations.
- Adds a terminal-desktop binding configuration.
- Modifies a terminal-desktop binding configuration.
- Deletes a terminal-desktop binding configuration.
- Appendix
- Change History
-
User Guide (Application Streaming)
- Overview
-
Administrator Operation Guide
- Operation Procedure
- Logging In to the Workspace Application Streaming Console
- Enabling the Service
- Creating a User
- Applications and Images
- Server Groups
- Application Groups
- User Management
- Policy Groups
- Monitoring Analysis
- OU Management
- Application Internet Access Management
- Upgrading Protocol Components
- Scheduled Tasks
- Storage
- Tenant Configuration
- Private Images
- Configuring Personalized Data
- Subscribing to an Event
- Permissions Management
- Configuring Common Functions
-
FAQs
- What Is the Relationship Between Workspace Application Streaming and Workspace?
- What Types of Applications Can Be Published?
- What Can I Do If an Application Fails to Be Published?
- How Do I Deploy a Windows AD Server?
- How Do I Deploy an RD Licensing Server?
- How Do I Configure RDS Licensing and Security Policies?
- How Do I Create a User OU on the AD Server?
- How Do I Create a User Group on the AD Server?
- How Do I Create a User on the AD Server?
- How Do I Configure Network Connection Between Workspace Application Streaming and the Windows AD?
- How Do I Log in to an APS?
- How Do I Purchase the NAT and EIP Services to Enable Cloud Applications to Be Accessed Through the Internet?
- How Do I Check My Quotas?
- How Do I Increase My Quotas?
- How Do I Do If the Application Operation Page Has Black Borders and Cannot Be Moved?
- How Do I Do If an End User Fails to Log In to a Cloud Application?
- How Do I Reset a User Password?
- How Do I Do If I Fail to Add a Computer Back to the Domain?
- How Do I Add an ECS to the Domain of an APS?
- How Do I Use the GPO Group Policy to Make a Domain User Become a Local Administrator of a PC?
- How Do I Install Sandbox Software?
- How Do I Do If There Is No Sound or the Screen Is Frozen While There Is Sound When Using Google Chrome or Bilibili Player for Video Playback?
- How Do I Do If the Window Cannot Be Dragged When the Sandbox Application Is Started?
- RD License Server Fails to Be Added to the AD domain
- Error Code 6030/6047 Reported When Accessing a Shared Desktop Application
- File Resources on the APS Cannot Be Automatically Refreshed During Workspace Application Streaming Operations
- How Do I Update or Add an Application?
- How Do I Authorize an IAM User to Use Workspace Application Streaming?
- How Do I Calculate the Number of Concurrent Sessions of a Cloud Application?
- What If I Can't Open a Cloud Application?
-
Terminal User Operation Guide
- Process
- Using an Application on a Soft Client
- Using an Application on a Thin Client
-
FAQs
- How Do I Do If the Cloud Application Cannot Be Used?
- How Do I Do If I Cannot View Cloud Applications on Desktops?
- How Do I Do If I Forget the Password?
- How Do I Do If the Account is Locked?
- How Do I Do If I Fail to Log In to the Client?
- How Do I Enable a Local Storage Device to Copy Files to an APS?
- How Do I Recover Important Files and Documents from the Sandbox to the Local Computer?
- How Do I Delete a Sandbox?
- How Do I Remove the Yellow Border of an Application After the Sandbox Application Is Started?
- Change History
- General Reference
Copied.
Third-party SSO Authentication
Scenario
Workspace supports multiple third-party authentication sources, including individual social authentication, enterprise social authentication, and enterprise authentication sources, providing simpler and more convenient login modes and better user experience for enterprise users. As an administrator, you can add, modify, and delete authentication providers.
NOTICE:
Currently, switchover between OAuth2.0, LDAP, and two-factor authentication (TFA) is unavailable, and they cannot be enabled at the same time.
Data
Table 1 lists the configuration data required for this operation.
|
Protocol |
Parameter |
Description |
Example Value |
|---|---|---|---|
|
OAuth 2.0 View Type > Visual |
APP ID |
Application (client) ID obtained when an application is created on the third-party authentication source platform. Azure: Obtain the value of Application (client) ID in the name of the application created on the Azure platform. DINGTALK: Obtain the value of Appkey in the name of the application created on the DINGTALK platform. Obtain the configuration as required. For details, submit a service ticket. |
ed2a****0feb |
|
APP Secret |
client_secret obtained when an application is created on the third-party authentication source platform. Azure: Obtain the value of Client Credentials in the name of the application created on the Azure platform. Click Add a certificate or secret. On the displayed Client Secrets page, click New client secret to create. DINGTALK: Obtain the value of APP Secret in the name of the application created on the DINGTALK platform. Obtain the configuration as required. For details, submit a service ticket. |
VdS8****lpoA |
|
|
Authentication Success Check Field |
Azure configurations: "displayName" or "userPrincipalName" DINGTALK: nick  NOTE:
The user created on the Azure platform must be the same as the Workspace user. Otherwise, the verification fails. |
displayName |
|
|
Validation Field Separator Configuration |
Truncation rules: 1. Scanning starts from back to front, and splitting is performed at the position where the separator field appears for the first time. The front part is used. 2. The default separator is @. 3. The separator can only be a letter, digit, or any of the special characters in parentheses (.-_$#@>). |
Example: test#EXT#&te@teleperformance.com The separators are @ and #EXT#. test is returned after splitting. |
|
|
Azure Tenant ID |
Directory (tenant) ID of the login tenant. Azure: Obtain the value of Directory (tenant) ID in the name of the application created on the Azure platform. Obtain the configuration as required. For details, submit a service ticket. NOTE:
This parameter is mandatory when the third-party source is set to AZURE. |
feff****eed9 |
|
|
OAuth 2.0 View Type > JSON |
JSON file configuration |
Submit a service ticket for technical support. |
- |
|
LDAP |
Server Address |
IP address of the authentication server. Set this parameter to the IP address used for setting up the LDAP server. |
10.134.151.140 |
|
Port |
Port used by the authentication server to communicate with Workspace. Set this parameter to the port used for setting up the LDAP server. |
636 or 389 |
|
|
Base DN |
LDAP root directory. Set this parameter to the root directory collected from the LDAP server. |
DC=huawei,DC=com |
|
|
Administrator DN |
DN of the administrator of the LDAP authentication server. Set this parameter to the administrator account created when setting up the LDAP server. |
CN=manager,DC=huawei,DC=com |
|
|
Administrator Password |
Password of the administrator of the LDAP authentication server. Set this parameter to the password of the administrator created when setting up the LDAP server. NOTE:
Password for accessing the LDAP server. |
- |
|
|
User Query Base |
Directory where the user is located upon LDAP creation. Set this parameter to the name of the directory used for creating a user. |
cn=users |
|
|
SSL/TLS Certificate Verification |
|
Enable |
|
|
Certificate Upload |
After SSL/TLS certificate verification is enabled, you need to upload a certificate. Set this parameter to the certificate used when a user sets up an LDAP server and enables LDAPS. |
- |
Procedure
(Optional) Configuring the Auth URL whitelist
NOTE:
Enable OAuth 2.0. To configure a third-party authentication source, configure a whitelist on the third-party authentication platform first.
- Log in to the console.
- In the navigation pane, choose Tenant Configuration > Basic Settings.
The Basic Settings page is displayed.
- In the Network Configuration area, obtain the IP addresses of Internet access and Direct Connect.
NOTE:
If the network configuration mode of the tenant is set to either Internet access or Direct Connect, select desired configuration.
- Click Redirect URls in the name of the application created on the Azure platform, and add the IP addresses of Internet access and Direct Connect obtained in 3 to the whitelist.
Configuring third-party SSO authentication
NOTE:
After third-party SSO is enabled, the username created on the interconnected platform must be the same as the Workspace username. Otherwise, the verification fails.
- Log in to the console.
- In the navigation pane, choose Tenant Configuration > Authentication Configuration > Primary Authentication, and click Modify.
- Select Third-party SSO authentication for Primary Authentication Type.
- Set View Type to Visual and configure OAuth 2.0 parameters according to Table 1.
- Configure LDAP parameters according to Table 1.
- Click Save.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
