How Do I Configure SSO for My Enterprise?
You can configure single sign-on (SSO) for your enterprise to connect Huawei Cloud Meeting to your enterprise authentication system.
Then enterprise users can use internal accounts to log in to Huawei Cloud Meeting clients or Management Platform.
Precautions
Only enterprises that use a paid edition of Huawei Cloud Meeting support SSO login.
Prerequisites
- The domain name planned by your enterprise is unique in the Huawei Cloud Meeting system (no conflict).
- Your authentication system supports OAuth 2.0.
- You have configured the Huawei Cloud Meeting callback address (https://intl.meeting.huaweicloud.com) in your authentication system and obtained Client_ID and Client_Secret of the authentication system.
- You have obtained the authentication center URL, URL for obtaining a token, and URL for querying user information from your enterprise authentication system. For details and examples, see Table 1.
Configuring SSO
The default enterprise administrator can configure SSO on Huawei Cloud Meeting Management Platform.
- Log in to Huawei Cloud Meeting Management Platform.
- In the navigation pane, choose Advanced Settings > Openness.
- Click the SSO Login tab and click Edit. Table 1 describes the parameters.
Figure 1 Configuring SSO (Basic Settings)
Figure 2 Configuring SSO (Mappings)
Table 1 SSO configuration parameters Parameter
Description
Example Value
Basic Settings
SSO Login
Select Enabled.
-
Enterprise Domain Name
Domain name planned by your enterprise.
Enter your enterprise domain name to allow employees to log in to Huawei Cloud Meeting clients and Management Platform in SSO mode.
The enterprise domain name must be unique.
example.com
App ID
Enter the value of Client_ID of your authentication system.
acb**********de312cb
App Key
(Optional) If you do not need to change the app key, leave it empty.
Enter the value of Client_Secret of your authentication system.
0d4c***************bafa7d424aed2
Authorization Center URL
URL of the enterprise authentication page.
After a user enters the enterprise domain name on a Meeting client or Management Platform, they will be redirected to this authentication page. Then they can enter their enterprise account and password or scan a QR code for login.
https://www.example.com/login/oauth/authorize?response_type=code&client_id={CLIENT_ID}&redirect_uri={REDIRECT_URI}&scope=get_user_info&state={STATE}
Token URL
URL of the API used by your authentication system to obtain a token using a code.
Set Request Type and Body as required.
https://www.example.com/login/oauth/access_token?grant_type=authorization_code&code={CODE}&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}
Authorization Info URL
URL of the API used by your authentication system to query user information using a token.
Set Request Type and Headers as required.
https://login.example.com/sso/oauth2/userinfo?access_token={ACCESS_TOKEN}&openid={THIRD_ACCOUNT}&client_id={CLIENT_ID}
Mappings
Third-Party Account Field Name
User account ID field. Huawei Cloud Meeting obtains its value from the response of obtaining a token or querying user information.
It uniquely identifies an enterprise user.
-
Third-Party Access Token Field Name
User token field. Huawei Cloud Meeting obtains its value from the response of obtaining a token.
-
Third-Party Name Field Name
(Optional) User alias, email address, and mobile number fields. Huawei Cloud Meeting obtains their values from the response of querying user information.
-
Third-Party Email Address Field Name
-
Third-Party Mobile Number Field Name
-
- Click Save.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
