tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Customer Identity and Access Management
    Documentation
    Download PDF

    Configuring an application

    Last updated: 2023-12-22 11:42:07
    Download PDF

      Scenarios

      Customer Identity and Access Management (CIAM) allows administrators to configure created applications as needed, including the basic information (such as the icon and name), the parameters (such as the redirect and logout addresses), and the processes (such as registration, login, password reset, and protocol management).

      Steps

      1. Log in to the CIAM console and select Application management in the left navigation pane.
      2. On the Application management page, click Configuration in the operation column.
      img
      
      

      Basic information

      
      img
      
      

      Parameter configuration

      1. On the Application configuration page, click the Parameter configuration tab.
      2. On the Parameter configuration tab, fill in the required information and click OK to save the configuration.
      img
      
      
      Parameter description:
      Parameter
      Description
      Example
      Redirect URI
      A complete URL starting with http or https for receiving the OAuth authorization code. After the user authorizes the request, this code will be redirected to the address.
      Logout Redirect URI
      A complete URL starting with http or https, to which the user will be redirected after logout.
      https://www.qq.com/logout
      Access_token validity
      The validity period of access tokens. The default validity is 600 seconds.
      600
      refresh_token
      Specifies whether refresh tokens are enabled.
      -
      Refresh_token validity period
      The validity period of refresh tokens. This parameter is displayed when refresh tokens are enabled. The default validity is 86,400 seconds.
      86400

      Process configuration

      You can configure the registration, login, MFA, username retrieval, and password reset processes. By configuring different parameters, you can customize the registration, login, and other processes for applications.
      For Web applications, one-page applications, and mobile apps, you can configure the registration, login, MFA, username retrieval, and password reset processes.

      Configuring Web applications, one-page applications, and mobile apps

      1. On the Application configuration page, click the Process configuration tab.
      2. The Process configuration tab contains five modules for the registration, login, MFA, username retrieval, and password reset processes.
      Registration: Click Edit in the upper right corner of the module to configure the parameters, and then click OK to save the configuration.
      img
      
      
      Parameter description:
      On/Off: By default, the toggle is turned on. Users cannot register for the application if the toggle is turned off.
      Authentication attribute: This field is filled in by users during registration. It can be used as a unique user identifier.
      SMS OTP authentication source: The policy for sending SMS OTPs during registration. This field must be configured if you select the phone number as the authentication attribute.
      Email OTP authentication source: The policy for sending email OTPs during registration. This field must be configured if you select the email address as the authentication attribute.
      General attribute: This field is filled in by users during registration. It cannot be used as a unique user identifier.
      User group: The group to which users belong after successful registration.
      Auto login: If the toggle is turned on, users are automatically logged in to the application after successful registration. If the toggle is turned off, users are redirected to the login page after successful registration and need to log in.
      Consent statement: If the toggle is turned on, you can configure the consent statement displayed on the registration page as instructed below.
      
      img
      
      
      Login: Click Edit in the upper right corner of the module to configure the parameters, and then click OK to save the configuration.
      img
      
      Parameter description:
      On/Off: By default, the toggle is turned on. Users cannot log in to the application if the toggle is turned off.
      Preferred authentication source: The preferred authentication method displayed on the login page.
      Associate authentication source: The alternative authentication method displayed on the login page.
      claims: The obtained token and the user attribute field returned by the DescribeUserInfo API.
      Remember password: Specifies whether the browser remembers the password.
      Consent statement: If the toggle is turned on, you can configure the consent statement displayed on the login page.
      MFA: Click Edit in the upper right corner of the module to configure the parameters, and then click OK to save the configuration.
      img
      
      Parameter description:
      On/Off: By default, the toggle is turned off. If the toggle is turned on, 2FA will be enabled.
      Associate authentication source: The authentication method. The valid values include SMS OTP and email OTP authentication sources.
      Process of retrieving username: Click Edit in the upper right corner of the module to configure the parameters, and then click OK to save the configuration.
      img
      
      Parameter description:
      On/Off: By default, the toggle is turned on. Users cannot retrieve their usernames if the toggle is turned off.
      Retrieving method: The method of receiving usernames, such as email.
      Process of resetting password: Click Edit in the upper right corner of the module to configure the parameters, and then click OK to save the configuration.
      img
      
      
      Parameter description:
      On/Off: By default, the toggle is turned on. Users cannot reset their passwords if the toggle is turned off.
      Retrieving method: The method of receiving verification codes to reset passwords, such as email.

      CORS

      To call CIAM APIs by using JavaScript, you need to configure trusted CORS security domains. Up to 10 security domains are allowed.
      1. On the Application configuration page, click CORS to go to the CORS configuration page.
      2. On the CORS configuration page, click Edit.
      img
      
      
      3. Fill in the required information and click OK to save the configuration.
      img
      
      

      Notes

      The redirect URI of the application is added to the CORS security domain by default. You do not need to configure it here.
      Format of CORS: "://" [ ":" ]. For example, https://sample.portal.tencentciam.com or http://127.0.0.1:8080. Note that it must start with https:// or http://, and cannot include the request path.
      The domain name can only contain [a-z], [0-9] and [.-]. "-" cannot be used at the beginning or end of the domain name, and it cannot be used consecutively. The wildcard () is only allowed in the first part of the domain name, e.g. https://*.example.com.
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy