Configuring an application

Last updated: 2023-12-22 11:42:07

    Scenarios

    Customer Identity and Access Management (CIAM) allows administrators to configure created applications as needed, including the basic information (such as the icon and name), the parameters (such as the redirect and logout addresses), and the processes (such as registration, login, password reset, and protocol management).

    Steps

    1. Log in to the CIAM console and select Application management in the left navigation pane.
    2. On the Application management page, click Configuration in the operation column.

    Basic information

    

    Parameter configuration

    1. On the Application configuration page, click the Parameter configuration tab.
    2. On the Parameter configuration tab, fill in the required information and click OK to save the configuration.
    Parameter description:

    | Parameter | Description | Example |
    | --- | --- | --- |
    | Redirect URI | A complete URL starting with http or https for receiving the OAuth authorization code. After the user authorizes the request, the authorization code is sent to this address through a redirect. | |
    | Logout Redirect URI | A complete URL starting with http or https, to which the user will be redirected after logout. | https://www.qq.com/logout |
    | Access_token validity | The validity period of access tokens. The default validity is 600 seconds. | 600 |
    | refresh_token | Specifies whether refresh tokens are enabled. | - |
    | Refresh_token validity period | The validity period of refresh tokens. This parameter is displayed when refresh tokens are enabled. The default validity is 86,400 seconds. | 86400 |

    Process configuration

    You can configure the registration, login, MFA, username retrieval, and password reset processes. By configuring different parameters, you can customize the registration, login, and other processes for applications.
    For Web applications, one-page applications, and mobile apps, you can configure the registration, login, MFA, username retrieval, and password reset processes.

    Configuring Web applications, one-page applications, and mobile apps

    1. On the Application configuration page, click the Process configuration tab.
    2. The Process configuration tab contains five modules for the registration, login, MFA, username retrieval, and password reset processes.
    Registration: Click Edit in the upper right corner of the module to configure the parameters, and then click OK to save the configuration.
    Parameter description:
    On/Off: By default, the toggle is turned on. Users cannot register for the application if the toggle is turned off.
    Authentication attribute: This field is filled in by users during registration. It can be used as a unique user identifier.
    SMS OTP authentication source: The policy for sending SMS OTPs during registration. This field must be configured if you select the phone number as the authentication attribute.
    Email OTP authentication source: The policy for sending email OTPs during registration. This field must be configured if you select the email address as the authentication attribute.
    General attribute: This field is filled in by users during registration. It cannot be used as a unique user identifier.
    User group: The group to which users belong after successful registration.
    Auto login: If the toggle is turned on, users are automatically logged in to the application after successful registration. If the toggle is turned off, users are redirected to the login page after successful registration and need to log in.
    Consent statement: If the toggle is turned on, you can configure the consent statement displayed on the registration page as instructed below.
    
    Login: Click Edit in the upper right corner of the module to configure the parameters, and then click OK to save the configuration.
    Parameter description:
    On/Off: By default, the toggle is turned on. Users cannot log in to the application if the toggle is turned off.
    Preferred authentication source: The preferred authentication method displayed on the login page.
    Associate authentication source: The alternative authentication method displayed on the login page.
    claims: The obtained token and the user attribute field returned by the DescribeUserInfo API.
    Remember password: Specifies whether the browser remembers the password.
    Consent statement: If the toggle is turned on, you can configure the consent statement displayed on the login page.
    MFA: Click Edit in the upper right corner of the module to configure the parameters, and then click OK to save the configuration.
    Parameter description:
    On/Off: By default, the toggle is turned off. If the toggle is turned on, 2FA will be enabled.
    Associate authentication source: The authentication method. The valid values include SMS OTP and email OTP authentication sources.
    Process of retrieving username: Click Edit in the upper right corner of the module to configure the parameters, and then click OK to save the configuration.
    Parameter description:
    On/Off: By default, the toggle is turned on. Users cannot retrieve their usernames if the toggle is turned off.
    Retrieving method: The method of receiving usernames, such as email.
    Process of resetting password: Click Edit in the upper right corner of the module to configure the parameters, and then click OK to save the configuration.
    Parameter description:
    On/Off: By default, the toggle is turned on. Users cannot reset their passwords if the toggle is turned off.
    Retrieving method: The method of receiving verification codes to reset passwords, such as email.

    CORS

    To call CIAM APIs by using JavaScript, you need to configure trusted CORS security domains. Up to 10 security domains are allowed.
    1. On the Application configuration page, click CORS to go to the CORS configuration page.
    2. On the CORS configuration page, click Edit.
    3. Fill in the required information and click OK to save the configuration.

    Notes

    The redirect URI of the application is added to the CORS security domain by default. You do not need to configure it here.
    Format of a CORS security domain: <scheme> "://" <host> [ ":" <port> ]. For example, https://sample.portal.tencentciam.com or http://127.0.0.1:8080. It must start with https:// or http://, and cannot include the request path.
    The domain name can only contain [a-z], [0-9] and [.-]. "-" cannot be used at the beginning or end of the domain name, and it cannot be used consecutively. The wildcard (*) is only allowed in the first part of the domain name, e.g. https://*.example.com.
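
    The following is an added example, not Tencent Cloud code: a pre-flight check that tests candidate CORS security domains against the rules in the notes above before they are entered in the console. The function names and the sample list are hypothetical, and the "-" and wildcard rules are applied per dot-separated label, which is an assumption about how the console interprets them.

```javascript
// Added example: checks candidate CORS security domains against the rules in the Notes.
const MAX_DOMAINS = 10; // "Up to 10 security domains are allowed"

// Returns null when the entry is acceptable, otherwise a string naming the broken rule.
function checkCorsDomain(entry) {
  // scheme "://" host [ ":" port ], with nothing after it (no path, query or fragment)
  const m = /^(https?):\/\/([^\/:?#]+)(?::([0-9]+))?$/.exec(entry);
  if (!m) return "must be http(s)://host[:port] with no request path";
  const port = m[3];
  if (port !== undefined && (Number(port) < 1 || Number(port) > 65535)) return "port out of range";
  const labels = m[2].split(".");
  for (let i = 0; i < labels.length; i++) {
    const label = labels[i];
    if (label === "*") {
      // Assumption: the wildcard must be the entire first label, as in https://*.example.com
      if (i !== 0 || labels.length < 2) return "wildcard only allowed as the first part";
      continue;
    }
    if (!/^[a-z0-9-]+$/.test(label)) return "host may only contain [a-z], [0-9] and [.-]";
    // Assumption: the "-" rules are applied per label, which is stricter than per host name
    if (label.startsWith("-") || label.endsWith("-")) return "'-' at start or end";
    if (label.includes("--")) return "consecutive '-'";
  }
  return null;
}

// Validates a whole list; returns { ok, errors } where errors maps entry -> reason.
function checkCorsList(entries) {
  const errors = {};
  if (entries.length > MAX_DOMAINS) errors["(list)"] = `more than ${MAX_DOMAINS} entries`;
  for (const e of entries) {
    const reason = checkCorsDomain(e);
    if (reason) errors[e] = reason;
  }
  return { ok: Object.keys(errors).length === 0, errors };
}

// Constructed sample input
const sample = [
  "https://sample.portal.tencentciam.com",
  "http://127.0.0.1:8080",
  "https://*.example.com",
  "https://example.com/callback", // has a request path
  "https://app.*.example.com",    // wildcard not in the first part
  "https://my--app.example.com",  // consecutive "-"
];
console.log(checkCorsList(sample));
```

    Because the redirect URI is trusted for CORS by default, run it through the same check with its path removed when reviewing which origins the application actually trusts.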
    