Configure third-party login (office scenario)
Third-party login configuration includes the following:
Configure common parameters—Ensure secure user login with third-party authentication.
Configure SMS notification parameters—Enable the management platform to interoperate with an SMS gateway.
Configure a third-party login server—Enable third-party login.
Configure WeCom login—Enable users to log in by scanning a QR code with WeCom.
Configure DingTalk login—Enable users to log in by scanning a QR code with DingTalk.
ARM hosts do not support Third-party login configuration.
Configure common parameters
Common parameters ensure secure user login with SMS authentication. Before you can enable third-party authentication, you must configure third-party server parameters to set up a connection with a third-party authentication server.
Procedure
From the navigation pane, select System > Advanced Settings > Third-Party Login Configuration.
Click Configure for Common Parameters.
Click OK.
Parameters
SMS Template: Configure an SMS template based on which the system generates SMS messages to send verification codes to users. The SMS template must start with a signature enclosed by square brackets ([]) and it must contain a verification code prefixed with <VERIFYCODE>. The signature can contain letters, digits, Chinese characters, underscores (_), and blank spaces, and it cannot begin with a blank space.
Resend In: Set the interval for the system to send a new verification code. The default is 60 seconds.
Verification Code Validity Period: Set the validity period of verification codes. The system can send a new verification code after the old one expires. The default is 120 seconds.
Apply To: Select the users to which SMS authentication is applied:
All Links: Enable SMS authentication for all users.
Gateway Login: Enable SMS authentication for users who log in through a gateway.
Direct Connection: Enable SMS authentication for directly connected users.
Auth User Type: Select an authentication user type from the Local User, Domain User, and LDAP User options.
Configure SMS balance alert parameters
The system supports sending an SMS balance alert to the administrators when the SMS balance drops below the alarm threshold.
Procedure
From the navigation pane, select System > Advanced Settings > Third-Party Login Configuration.
Click Configure for SMS Balancer Alert.
Configure the SMS balancer alert parameters, and then click OK.
To reset the SMS balancer alert parameters, click Reset for SMS Balancer Alert.
To enable SMS balancer alerts, click Enable for SMS Balancer Alert.
Parameters
Balance Alert Threshold: Set the SMS balance alarm threshold. The default is 1000.
Send Alert At: Set the time when the system sends a low SMS balance message.
Administrator Phone Number: Enter the comma-separated phone numbers of the administrators to receive low SMS balance messages. The string cannot exceed 512 characters.
Configure SMS notification parameters
Perform this task to configure SMS platform parameters.
Procedure
From the navigation pane, select System > Advanced Settings > Third-Party Login Configuration.
Click Configure & Enable for SMS Notification Parameters.
Configure the SMS notification parameters, and then click SMS Test to verify connectivity.
Click OK.
Parameters
SMS Type: Select a platform to send the SMS messages. Options include Jixintong SMS Platform, and Common SMS Platform. The Jixintong SMS platform is a third-party SMS platform and requires separate registration and deployment. For more information, access the official website of Jixintong.
If you select Jixintong SMS Platform, configure the following parameters:
Login Name: Enter the login name for accessing the SMS platform.
Login Password: Enter the password for accessing the SMS platform.
HTTP Proxy: Set whether to enable HTTP proxy. If you enable HTTP proxy, configure the IP address, port number, username, and password of the HTTP proxy.
If you select Common SMS Platform, configure the following parameters:
SMS Code: Select an encoding type. Options include UTF-8 and GBK.
Send Type: Select a message sending mode. Options include HTTP Request (POST) and Command.
Request URL: Enter the request URL for the common SMS platform to send messages. This parameter is required when the send type is HTTP Request (POST). When the system generates an alarm, the common SMS platform sends an HTTP request to this request URL to send SMS notifications. To obtain the exact address and address format, contact the SMS provider. Example: http://192.168.0.1:80/sendSms?userName=a&pwd=b&mobile={Mobile}&content={Content}, where {Mobile} represents the phone numbers to receive alarm messages and {Content} represents alarm message contents.
Configure a third-party login server
To use third-party login, you must first configure a third-party login server for processing third-party login authentication requests.
|
|
Before you configure a third-party login server, deploy a third-party login server. |
Procedure
From the navigation pane, select System > Advanced Settings > Third-Party Login Configuration.
Click Configure for Third-Party Login Server Configuration.
Configure the third-party login server parameters, and then click Test Connectivity.
Click OK.
Parameters
Private Network Protocol: Select a protocol for accessing the network where the management platform resides.
Private Network Host IP: Enter the IP address used by the third-party login server on the network where the management platform resides.
Private Network Port: Enter the port number used by the third-party login server on the network where the management platform resides.
Public Network Protocol: Select a protocol for accessing the Internet.
Public Network Host IP: Enter the IP address used by the third-party login server on the Internet.
Public Network Port: Enter the port number used by the third-party login server on the Internet.
Configure WeCom login
Configure WeCom login to enable users to log in by scanning a QR code with WeCom.
Procedure
From the navigation pane, select System > Advanced Settings > Third-Party Login Configuration.
Click Configure for WeCom Login.
Configure the WeCom login parameters.
Click OK.
Parameters
|
|
Access the WeCom console to obtain a corporation ID, application secret, and application agent ID. For more information, see H3C Workspace Third-party Login Configuration Guide. |
Corporation ID: Enter a corporation ID for Workspace in the WeCom console.
Secret: Enter an application secret.
AgentId: Enter an application agent ID.
Code Scanning Login: Select whether to enable code scanning login for WeCom. If you select Enabled, a user can directly log in to the Workspace client by scanning a QR code with WeCom.
Code Scanning 2FA: Select whether to enable code scanning 2FA for WeCom. If you select Enabled, a user can log in to the Workspace client only after performing the following tasks:
Enter a correct username and password.
Obtain a QR code for WeCom.
Scan the QR code with WeCom .
Random Code 2FA: Select whether to enable random code 2FA for WeCom. If you select Enabled, a user can log in to the Workspace client only after entering a correct username and password, and the verification code from WeCom or SMS verification code.
Configure DingTalk login
Configure DingTalk login to enable users to log in by scanning a QR code with DingTalk.
Procedure
From the navigation pane, select System > Advanced Settings > Third-Party Login Configuration.
Click Configure for DingTalk Login.
Configure the DingTalk login parameters.
Click OK.
Parameters
|
|
Access the DingTalk console to obtain an application ID, application secret, and application agent ID. For more information, see H3C Workspace Third-party Login Configuration Guide. |
QR Code Login Configuration: Configure the AppId and AppSecret parameters after enabling code scanning login.
AppId: Enter an application ID.
AppSecret: Enter an application secret.
Internal Application Configuration
Dual Authentication: Select whether to enable dual authentication for DingTalk. If you select Enabled, a user can log in to the Workspace client only after entering a correct username and password and the verification code from the DingTalk. Configure the AgentId, AppSecret, AppKey, and CorpId parameters after enabling dual authentication.
AgentId: Enter the agent ID of an H5 micro application.
AppSecret: Enter the application secret of an H5 micro application.
AppKey: Enter the application key of an H5 micro application.
CorpId: Enter a corporation ID for Workspace in the DingTalk console.
Code Scanning Login: Select whether to enable code scanning login for DingTalk. If you select Enabled, a user can directly log in to the Workspace client by scanning a QR code with DingTalk.
Code Scanning 2FA: Select whether to enable code scanning 2FA for DingTalk. If you select Enabled, a user can log in to the Workspace client only after performing the following tasks:
Enter a correct username and password.
Obtain the QR code for DingTalk.
Scan the QR code with DingTalk.
Random Code 2FA: Select whether to enable random code 2FA for DingTalk. If you select Enabled, a user can log in to the Workspace client only after entering a correct username and password, and the verification code from DingTalk or SMS verification code.
Configure super SIM login
Procedure
From the navigation pane, select System > Advanced Settings > Third-Party Login Configuration.
Click Configure for Super SIM Login.
Enable Super SIM Login, and configure parameters as described in "Parameters."
Click OK.
Parameters
|
|
To obtain an application ID and application key, visit the website at https://dev.10086.cn. Request a template ID by sending an email to the administrator. For more information, see H3C Workspace Third-party Login Configuration Guide. |
TemplateId: Enter an authentication message template ID.
AppId: Enter an application ID.