Client Management
This article helps you get started quickly and complete the deployment and configuration of the SSO client.
Main Concept
Client management: The management of the configuration of applications connected to the Single Sign-On service, including the protocols and credentials used to integrate each application.
Target Audience
OU administrator
Prerequisites
You have an EnOS OU administrator account and have been granted operation permissions for the Single Sign-On service by the system administrator. For more information, see Policies, Roles and Permissions.
Procedure
Create a Client
In the EnOS Management Console, select Single Sign-On > Client Management.
Click New Client and provide information for the following.
Client Configuration
Client Protocol: The standard protocol used for the client to connect to the SSO service, which is set as OIDC by default.
OIDC: OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows the client to verify the user's identity based on the authentication performed by the authentication service and to get basic information about the end user.
SAML: The Security Assertion Markup Language is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP).
Client ID: The unique identifier of the client.
Client Secret: The credential for the client to communicate with the SSO service.
Login Redirect URL: The address to which the codes, tokens, or claims are returned to the client after the SSO service login is completed. Java regular expressions are supported. If the configured value is a regular expression, the corresponding parameter in the login request must match the expression; otherwise, the parameter must be exactly the same as the configured value.
Logout Redirect URL: The redirect address of the SSO service after logout.
Base URL: The default URL used when the SSO service needs to redirect or link back to the client.
Default Identity Provider: The default authentication source. The SSO service can connect to different authentication sources, and the source to use is specified through parameters when the user logs in. This default value is used when no user source is specified.
Authentication Code Flow: Use the authorization code grant type for the OIDC protocol.
Note
Ensure that the selected entries are all valid account entries.
Scope Configuration: Defines the user information that the client can access.
email: email
profile: user profile
Click Save to complete the creation of the new client.
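Because Login Redirect URL accepts Java regular expressions, an overly permissive expression can return codes or tokens to an address the client does not control. The following Java program is an added example, not EnOS code: it compares a loose and a strict pattern, assumes the service requires the whole redirect value to match the expression (the page does not state this), and uses `app.example.com` and `/callback` as placeholder values.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: compares two candidate Login Redirect URL patterns.
// Assumption: the SSO service requires the whole redirect value to match
// the expression (Pattern.matches semantics); the page does not say so.
public class RedirectPatternCheck {

    // Loose: unescaped dots match any character and the trailing ".*"
    // lets the host name continue into another domain.
    static final Pattern LOOSE = Pattern.compile("https://app.example.com.*");

    // Strict: literal host via \Q...\E, fixed path, optional query string only.
    static final Pattern STRICT =
        Pattern.compile("https://\\Qapp.example.com\\E/callback(\\?[^#]*)?");

    static boolean allowed(Pattern p, String redirectUri) {
        return p.matcher(redirectUri).matches(); // full match, not find()
    }

    public static void main(String[] args) {
        // Constructed sample values; the boolean is the decision we want.
        Map<String, Boolean> samples = new LinkedHashMap<>();
        samples.put("https://app.example.com/callback", true);
        samples.put("https://app.example.com/callback?state=abc", true);
        samples.put("https://app.example.com.other.test/callback", false);
        samples.put("https://appXexample.com/callback", false);
        samples.put("https://app.example.com@other.test/callback", false);
        samples.put("https://app.example.com/callback#frag", false);

        for (Map.Entry<String, Boolean> e : samples.entrySet()) {
            boolean loose = allowed(LOOSE, e.getKey());
            boolean strict = allowed(STRICT, e.getKey());
            System.out.printf("%-48s expected=%-5b loose=%-5b strict=%-5b%n",
                e.getKey(), e.getValue(), loose, strict);
            if (strict != e.getValue()) {
                throw new AssertionError("strict pattern wrong for " + e.getKey());
            }
        }
    }
}
```

The loose pattern accepts all six sample values, while the strict pattern accepts only the first two. Running candidate expressions against a list like this before saving the client shows which unintended hosts they would admit.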
Edit Client Configuration
Customize Client Login Page
You can customize the login page for a client that is using EnOS authentication service.
In the EnOS Management Console, select Single Sign-On > Client Management.
On the Customize Login Page tab, click Edit.
Configure the following items as necessary:
Enterprise Logo: Upload the enterprise logo of the login page.
Background Image: Upload the corporate background image of the login page.
Remember Me: Select whether to enable remembering of the login status.
Verification Code: Select whether to display a CAPTCHA image.
Click Save.