Client Management


This article helps you get started quickly and complete the deployment and configuration of the SSO client.

Main Concept

  • Client management: Refers to the management of the configurations of the applications connected to the Single Sign-on service, including the protocols and credentials used for application docking.

Target Audience

  • OU administrator

Prerequisites

  • You have an EnOS OU administrator account, and have been authorized by the system administrator with the operation permissions for Single Sign-on service. For more information, see Policies, Roles and Permissions.

Procedure

Create a Client

  1. In the EnOS Management Console, select Single Sign-On > Client Management.

  2. Click New Client and provide information for the following.

    • Client Configuration

      • Client Protocol: The standard protocol used for the client to connect to the SSO service, which is set as OIDC by default.

        • OIDC: As a simple identity layer on top of the OAuth2.0 protocol, OpenID Connect allows the client to verify the user’s identity based on the authentication service and get the basic information about the end user.

        • SAML: The Security Assertion Markup Language is an open standard that allows identity providers (IdP) to pass the authorization certificates to service providers (SP).

      • Client ID: The client unique identification code.

      • Client Secret: The credential for the client to communicate with the SSO service.

      • Login Redirect URL: The address by which the codes, tokens, or claims are returned to the client after the SSO service login is completed. The Java regular expression is supported. For regular expressions, the corresponding parameter in the login request must match the expression; otherwise, it must be exactly the same.

      • Logout Redirect URL: The redirect address of the SSO service after logout.

      • Base URL: The default URL used when the SSO service needs to redirect or link back to the client.

      • Default Identity Provider: The default authentication source. The SSO service can connect to different authentication sources, and will specify different authentication sources through parameters when the user logs in. This default value will be used when no user source is specified.

      • Authentication Code Flow: Use the authentication code grant type for the OIDC protocol.

      Note

      Ensure that the selected entries are all valid account entries.


    • Scope Configuration: Defines the user information that the client can access.

      • email: email

      • profile: user profile


  3. Click Save to complete the creation of the new client.

Edit Client Configuration

  1. In the EnOS Management Console, select Single Sign-On > Client Management.

  2. Click the View icon view next to the newly created client.

  3. On the Configuration Details tab, click Edit.

  4. Modify the necessary details.

  5. Click Save.

Customize Client Login Page

You can customize the login page for a client that is using EnOS authentication service.

  1. In the EnOS Management Console, select Single Sign-On > Client Management.

  2. Click the View icon view next to the newly created client.

  3. On the Customize Login Page tab, click Edit.

  4. Configure the following items as necessary:

    • Enterprise Logo: Upload the enterprise logo of the login page.

    • Background Image: Upload the corporate background image of the login page.

    • Remember Me: Select whether to enable remembering of the login status.

    • Verification Code: Select whether to display a CAPTCHA image.

  5. Click Save.