Client Management


This article helps you get started quickly and complete the deployment and configuration of the SSO client.

Main Concept

  • Client management: The management of the configurations of applications connected to the Single Sign-On service, including the protocols and credentials used for application integration.

Target Audience

  • OU administrator

Prerequisites

  • You have an EnOS OU administrator account, and the system administrator has granted you the operation permissions for the Single Sign-On service. For more information, see Policies, Roles and Permissions.

Procedure

  1. In the EnOS Management Console, select Single Sign-On > Client Management.

  2. Click New Client and provide the following information.

    • Client Configuration

      • Client Protocol: The standard protocol that the client uses to connect to the SSO service. The default is OIDC.

        • OIDC: OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows the client to verify the user's identity based on the authentication performed by the authentication service and to get basic information about the end user.

        • SAML: The Security Assertion Markup Language is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP).

      • Client ID: The unique identifier of the client.

      • Client Secret: The credential that the client uses to communicate with the SSO service.

      • Login Redirect URL: The address to which the codes, tokens, or claims are returned to the client after the SSO service login is completed. Java regular expressions are supported. If the configured value is a regular expression, the corresponding parameter in the login request must match the expression; otherwise, the parameter must be exactly the same as the configured value.

      • Logout Redirect URL: The address to which the SSO service redirects after logout.

      • Base URL: The default URL used when the SSO service needs to redirect or link back to the client.

      • Default Identity Provider: The default authentication source. The SSO service can connect to different authentication sources, and the source to use is specified through parameters when the user logs in. This default value is used when no user source is specified.

      Note

      Ensure that the selected entries are all valid account entries.


    • Scope Configuration: Defines the user information that the client can access.

      • email: email

      • profile: user profile


  3. Click Save to complete the creation of a new client.
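
Because the Login Redirect URL field accepts Java regular expressions, a loosely written expression can match addresses the client never uses. The following Java check for a candidate expression is an added example, not EnOS code; it assumes the SSO service requires the whole parameter to match, and all host names and paths are constructed placeholders.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added example: pre-registration check for a Login Redirect URL regex.
// Assumption: the SSO service requires the whole redirect parameter to match
// (Pattern.matches semantics). All hosts below are constructed placeholders.
public class RedirectPatternCheck {

    // Redirects the client really uses: must be accepted.
    static final List<String> MUST_ACCEPT = List.of(
        "https://app.example.com/callback",
        "https://app.example.com/callback/oidc");

    // Look-alikes that a loose expression lets through: must be rejected.
    static final List<String> MUST_REJECT = List.of(
        "https://appXexample.com/callback",            // unescaped '.' matches any char
        "https://app.example.com.other.test/callback", // open-ended wildcard after host
        "https://app.example.com@other.test/callback", // host text used as userinfo
        "http://app.example.com/callback");            // scheme without TLS

    static boolean check(String label, String regex) {
        Pattern p = Pattern.compile(regex);
        boolean ok = true;
        for (String url : MUST_ACCEPT) {
            if (!p.matcher(url).matches()) {
                System.out.printf("%s: rejects legitimate %s%n", label, url);
                ok = false;
            }
        }
        for (String url : MUST_REJECT) {
            if (p.matcher(url).matches()) {
                System.out.printf("%s: accepts unintended %s%n", label, url);
                ok = false;
            }
        }
        System.out.printf("%s: %s%n", label, ok ? "OK to register" : "do not register");
        return ok;
    }

    public static void main(String[] args) {
        // Loose: dots unescaped, open-ended wildcard, TLS optional.
        check("loose", "https?://app.example.com.*");
        // Tight: host quoted literally with \Q...\E, fixed scheme, bounded path.
        check("tight", "https://\\Qapp.example.com\\E/callback(/[A-Za-z0-9_-]+)?");
    }
}
```

Run it with `java RedirectPatternCheck.java` (Java 11 or later); the loose expression is reported as accepting all four unintended addresses, while the tight one passes both lists.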

Editing the Client

  1. In the EnOS console, select Single Sign-On > Client Management.

  2. Click the view icon for the newly created client in the list.

    • Click the Edit button at the bottom of the Configuration Details page to edit the client configurations.

    • Edit the client login page information on the Customize Login Page tab. This function applies only to the EnOS authentication service.

      • Enterprise Logo: Upload the enterprise logo of the login interface.

      • Background Image: Upload the corporate background image of the login interface.

      • Remember Me: Show whether to remember the login status.


  3. Click Save to complete the editing.