CN113901429A - Access method and device of multi-tenant system - Google Patents


Info

Publication number
CN113901429A
Authority
CN
China
Prior art keywords
user
tenant system
access
authentication token
tenant
Legal status
Pending
Application number
CN202111039781.1A
Other languages
Chinese (zh)
Inventor
范凌
王喆
Current Assignee
Tezign Shanghai Information Technology Co Ltd
Original Assignee
Tezign Shanghai Information Technology Co Ltd
Application filed by Tezign Shanghai Information Technology Co Ltd filed Critical Tezign Shanghai Information Technology Co Ltd
Priority to CN202111039781.1A priority Critical patent/CN113901429A/en
Publication of CN113901429A publication Critical patent/CN113901429A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers

Abstract

The invention discloses an access method and an access device for a multi-tenant system. The method comprises: in response to receiving a request from a user to access the multi-tenant system through a target business system, determining an authentication token for single sign-on contained in the request; verifying the validity of the authentication token; if the verification result indicates that the authentication token is valid, judging whether the user has authorization information for single sign-on to the multi-tenant system; and if the user has the authorization information, accessing the multi-tenant system based on the parameters contained in the request. An extension module accesses the user authentication field of the third-party system to complete the registration and authentication logic of the user, so that the user is logged in automatically and transparently, improving the efficiency with which a user in the target business system accesses the multi-tenant system. This solves the problem in the related art that the multi-tenant system cannot be accessed through a user management and authentication system that is internal to an enterprise or introduced from outside.

Description

Access method and device of multi-tenant system
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to an access method and an access device for a multi-tenant system.
Background
Multi-tenant technology (multi-tenancy) is a software architecture technology that explores how to share the same system or program components in a multi-user environment while still ensuring data isolation among users.
An enterprise usually has a stable user management and user authentication system of its own, but the related art cannot use that system to access a multi-tenant system; the multi-tenant system can only be used by connecting separate, independent users, which causes low access efficiency and wastes computing resources.
Disclosure of Invention
The main purpose of the present disclosure is to provide an access method and apparatus for a multi-tenant system.
In order to achieve the above object, according to a first aspect of the present disclosure, there is provided an access method for a multi-tenant system, including: in response to receiving a request of a user for accessing a multi-tenant system through a target business system, determining an authentication token for single sign-on included in the request; performing a validity check on the authentication token; if the verification result indicates that the authentication token is valid, judging whether the user has authorization information for single sign-on to the multi-tenant system; if the user has the authorization information, accessing the multi-tenant system based on parameters contained in the request.
Optionally, before receiving a request for a user to access the multi-tenant system through the target business system, the method further includes: in response to receiving a configuration request sent by the target business system, configuring an identity for the target business system; and generating an authentication token for single sign-on for the target business system based on the identity.
Optionally, the method further comprises: if the user does not have the authorization information, acquiring user information from the target business system based on the authentication token; and generating an authentication token for authenticating the user based on the user information, so that the user can access the multi-tenant system through the authentication token.
Optionally, the method further comprises: in response to receiving a request for the user to access the multi-tenant system through a target business system, determining a current access right of the user based on an authentication token authenticating the user.
According to a second aspect of the present disclosure, there is provided an access apparatus of a multi-tenant system, including: a determining unit configured to, in response to receiving a request of a user for accessing the multi-tenant system through a target business system, determine an authentication token for single sign-on contained in the request; a verification unit configured to verify validity of the authentication token; a judging unit configured to judge whether the user has authorization information for single sign-on to the multi-tenant system if the result of the check indicates that the authentication token is valid; an access unit configured to access the multi-tenant system based on parameters contained in the request if the user has the authorization information.
Optionally, the apparatus further comprises: a configuration unit configured to, in response to receiving a configuration request sent by the target business system, configure an identity for the target business system; and a generating unit configured to generate an authentication token for single sign-on for the target business system based on the identity.
Optionally, the apparatus further comprises: an obtaining unit configured to obtain user information from the target business system based on the authentication token if the user does not have the authorization information; a processing unit configured to generate an authentication token authenticating the user based on the user information, so that the user accesses the multi-tenant system through the authentication token.
Optionally, the apparatus further comprises: an authority determination unit configured to determine a current access authority of a user based on an authentication token authenticating the user in response to receiving a request for the user to access the multi-tenant system through a target business system.
According to a third aspect of the present disclosure, there is provided a computer-readable storage medium storing computer instructions for causing a computer to execute the method for accessing a multi-tenant system according to any one of the optional implementations of the first aspect.
According to a fourth aspect of the present disclosure, there is provided an electronic device comprising at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to cause the at least one processor to perform the method for accessing a multi-tenant system according to any one of the optional implementations of the first aspect.
In the access method and device for a multi-tenant system in the embodiments of the disclosure, the method comprises: in response to receiving a request from a user to access the multi-tenant system through a target business system, determining an authentication token for single sign-on included in the request; verifying the validity of the authentication token; if the verification result indicates that the authentication token is valid, judging whether the user has authorization information for single sign-on to the multi-tenant system; and if the user has the authorization information, accessing the multi-tenant system based on the parameters contained in the request. An extension module accesses the user authentication field of the third-party system to complete the registration and authentication logic of the user, so that the user is logged in automatically and transparently, improving the efficiency with which a user in the target business system accesses the multi-tenant system. This solves the problem in the related art that the multi-tenant system cannot be accessed through a user management and authentication system that is internal to an enterprise or introduced from outside.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flow chart of an access method of a multi-tenant system according to an embodiment of the present disclosure;
Fig. 2 is a schematic structural diagram of an access device of a multi-tenant system according to an embodiment of the present disclosure;
Fig. 3 is a schematic diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
In order to make the technical solutions of the present disclosure better understood by those skilled in the art, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only some embodiments of the present disclosure, not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the present disclosure may be described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an embodiment of the present disclosure, there is provided an access method of a multi-tenant system. As shown in Fig. 1, the method includes the following steps 101 to 104:
Step 101: in response to receiving a request for a user to access a multi-tenant system through a target business system, determining an authentication token for single sign-on included in the request.
In this embodiment, the target business system may be a user management and authentication system inside an enterprise. Users in the enterprise complete their login authentication within this system; consequently, when any tenant system in the multi-tenant system is accessed, there is no need to judge again whether the user is an enterprise user, which improves access efficiency.
The request information (which may be request information in the form of a URL) may include an authentication token SSO_TOKEN for single sign-on. The authentication token may be one generated for the target business system by the execution subject of the method, and the legitimacy of the target business system may be determined through the authentication token.
As an optional implementation manner of this embodiment, before receiving a request for a user to access a multi-tenant system through a target business system, the method further includes: in response to receiving a configuration request sent by the target business system, configuring an identity for the target business system; and generating an authentication token for single sign-on for the target business system based on the identity.
In this optional implementation manner, the target business system may send a request to the execution subject in advance to apply for an identity, where the identity may be an appid (unique identifier of an application) and/or an appsecret (private key). After receiving the request, the execution subject may determine, based on a determination condition, whether the requesting system is a trusted system; if so, it may configure the identity for the target business system and then generate a token for single sign-on based on the identity information. When the target business system accesses the multi-tenant system, the authentication token is carried in the access request.
Step 102: performing a validity check on the authentication token.
In this embodiment, verifying the validity of the authentication token may be verifying whether the authentication token was generated from a legitimate identity (appid (unique identifier of an application) and/or appsecret (private key)), to prevent the authentication token from being forged.
Step 103: if the verification result indicates that the authentication token is valid, judging whether the user has authorization information for single sign-on to the multi-tenant system.
In this embodiment, if the verification result is invalid, prompt information indicating illegal access may be generated; if the verification result is valid, it may be determined whether the user who sends the access request through the target business system is a user who has been authorized for single sign-on.
Step 104: if the user has the authorization information, accessing the multi-tenant system based on parameters contained in the request.
In this embodiment, if the user is an authorized user, the relevant page in the multi-tenant system can be accessed (jumped to) through the REDIRECT parameter contained in the request; otherwise, the user needs to be processed.
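Steps 101 to 104 can be illustrated with the following added example, which is not code from the patent. The patent does not specify a token format, so the JSON payload with an HMAC-SHA256 tag keyed by the appsecret, the expiry claim, the relative-path rule for REDIRECT, and all function names, sample identities and URLs are assumptions; only SSO_TOKEN, REDIRECT, appid and appsecret come from the text.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlsplit

# Constructed sample data (assumptions, not from the patent).
APP_SECRETS = {"app-hr-portal": b"constructed-demo-secret"}  # appid -> appsecret
AUTHORIZED_USERS = {("app-hr-portal", "alice")}  # already authorized for SSO


def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_sso_token(appid, user, ttl=300, now=None):
    """Bind appid, user and expiry under an HMAC keyed with the appsecret."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"appid": appid, "sub": user, "exp": issued + ttl},
                         sort_keys=True).encode()
    tag = hmac.new(APP_SECRETS[appid], payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)


def verify_sso_token(token, now=None):
    """Return the claims if the token is authentic and unexpired, else None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
        claims = json.loads(payload)
        # The appid is read before verification only to select the key.
        secret = APP_SECRETS[claims["appid"]]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    current = time.time() if now is None else now
    if not isinstance(claims.get("exp"), int) or current >= claims["exp"]:
        return None
    return claims


def is_safe_redirect(target):
    """Accept only same-site relative paths, so REDIRECT cannot leave the site."""
    parts = urlsplit(target)
    return (target.startswith("/") and not target.startswith("//")
            and "\\" not in target and not parts.scheme and not parts.netloc)


def handle_access(url, now=None):
    """Walk steps 101-104 for one request URL and return (decision, detail)."""
    params = parse_qs(urlsplit(url).query)
    token = params.get("SSO_TOKEN", [None])[0]                    # step 101
    claims = verify_sso_token(token, now) if token else None      # step 102
    if claims is None:
        return ("deny", "illegal access")
    if (claims["appid"], claims["sub"]) not in AUTHORIZED_USERS:  # step 103
        return ("register", claims["sub"])  # fetch user info, then register
    target = params.get("REDIRECT", ["/"])[0]                     # step 104
    if not is_safe_redirect(target):
        return ("deny", "bad redirect")
    return ("redirect", target)


if __name__ == "__main__":
    tok = issue_sso_token("app-hr-portal", "alice")
    print(handle_access(
        "https://tenants.example/sso?SSO_TOKEN=" + tok + "&REDIRECT=/ta/dashboard"))
```

The "register" outcome corresponds to the optional branch in which the user has no authorization information yet and user information is fetched from the target business system.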
As an optional implementation manner of this embodiment, if the user does not have the authorization information, obtaining user information from the target service system based on the authentication token; and generating an authentication token for authenticating the user based on the user information, so that the user can access the multi-tenant system through the authentication token.
In this optional implementation manner, if the user does not have authorization information, the information of the user (including but not limited to the user's mailbox, mobile phone number, and the like) may be obtained from the target business system according to the authentication token SSO_TOKEN for single sign-on, so as to register the accessing user and/or generate the authentication token of the user.
Illustratively, the execution subject may preset an extension module through which the user information is obtained. The extension module may be an authorization configuration: for example, if the target business system supports a standard authorization protocol, such as OAuth 2.0 or SAML 2.0, the information is obtained through that protocol. If the target business system does not support a standard authorization protocol, an information acquisition interface can be designed and a corresponding extension package implementing it provided.
Illustratively, the authentication token generated for the user may include a token U_TOKEN for authenticating the user and a token C_TOKEN for authenticating the enterprise to which the user belongs. After the user registration is completed, the relevant page of the multi-tenant system is accessed based on the REDIRECT parameter in the access request. Meanwhile, when the relevant page is accessed, the URL carries the U_TOKEN, so that the accessed tenant system can establish session control according to the U_TOKEN and thereby set the login state of the user. When the user next requests login, if the state is valid (that is, logged in), this proves that the user has completed single sign-on authorization, and the user can log in directly.
For example, when the user has accessed any tenant system TA and accesses the accessed tenant system TA again (at any time after the first access), it is determined whether the user currently has the access right to the accessed tenant system TA. When a user has accessed any tenant system and then accesses other tenant systems, the execution subject also judges whether the user currently has access rights to those other tenant systems.
After the user accesses the tenant system TA, the tenant system TA may create a session according to the U_TOKEN to maintain the access state of the user. Therefore, when the user requests access to the accessed tenant system TA again, the execution subject judges whether session control has been established by the tenant system, and if so, the tenant system can be directly accessed again.
If the user is not accessing the multi-tenant system for the first time, the access target of the user can be determined from the request. If it is determined that the access target and the accessed tenant system belong to the same enterprise and the access target has not yet been accessed by the user, such as TB, the situation is that the user is accessing, for the first time, another tenant system belonging to the same enterprise in the multi-tenant system. It is understood that the access target may also be a tenant system that has not been accessed by the user and does not belong to the same enterprise as the accessed tenant system.
For the above situation, after a user accesses any tenant system, the authentication token of the user (which may include a user authentication token and/or an enterprise authentication token) is stored in the cache. Therefore, when a user accesses another tenant system TB, it may be determined whether a user authentication token U_TOKEN is stored in the cache. If the U_TOKEN is stored, the enterprise authentication token C_TOKEN is checked to determine whether the enterprise authenticated by the C_TOKEN is the same as the enterprise to which the accessed tenant system TA belongs; if it is the same, the user has access right to the other tenant systems TB of the current enterprise. If the enterprise authenticated by the C_TOKEN is different from the enterprise to which the accessed tenant system TA belongs, the user does not have access right.
After other tenant systems are accessed, they can also create a session, so that when they are accessed again, the execution subject can determine through the session control whether the user has access right.
In this embodiment, a trusted external system is allowed to access a unified user authentication center (the execution subject) by being provided with an appid/appsecret, and the authentication center accesses the user authentication field of the third-party system through the extension module to complete the registration and authentication logic of the user, so that the user can log in to the multi-tenant system transparently. The access efficiency is improved.
As an optional implementation manner of this embodiment, the method further includes: in response to receiving a request for the user to access the multi-tenant system through a target business system, determining a current access right of the user based on an authentication token authenticating the user.
In this optional implementation manner, after the user logs in the multi-tenant system through the target service system, there may be a case where the user accesses the same tenant system again or accesses other tenant systems belonging to the same enterprise, and for these two cases, the multi-tenant system access may be implemented through the authentication token of the user.
When the user has accessed any tenant system TA and accesses the accessed tenant system TA again (at any time after the first access), the execution subject of the method judges whether the user currently has the access right to the accessed tenant system TA. When a user has accessed any tenant system and then accesses other tenant systems, the execution subject also judges whether the user currently has access rights to those other tenant systems.
For example, determining whether the user currently has the right to access any of the tenant systems based on the authentication token may include: in response to receiving a request for re-access of a user to any tenant system, judging whether that tenant system has already created session control; and determining the current access authority of the target user to that tenant system based on the judgment result.
As an example, after the user accesses the tenant system TA, the tenant system TA may create a session according to the U_TOKEN to maintain the access state of the user. Therefore, when the user requests access to the accessed tenant system TA again, the execution subject judges whether session control has been established by the tenant system, and if so, the tenant system can be directly accessed again.
As another example, when the user accesses the tenant system TA, the tenant system TA may create a session according to the U_TOKEN. Therefore, when the user requests to access the accessed tenant system TA again, it is judged whether session control has been established by the tenant system, and if so, the user authentication token U_TOKEN is checked to verify whether the user has the right to access the tenant system TA. Checking the user authentication token U_TOKEN may mean verifying its validity, including, but not limited to, verifying whether the accessing user belongs to the enterprise to which the tenant system to be accessed belongs.
As an optional implementation manner of this embodiment, determining, based on the authentication token, whether the user currently has a right to access another tenant system in the multi-tenant system includes: in response to receiving a request of the user for accessing other tenant systems of the multi-tenant system, verifying the authentication token to determine the access authority of the user to the other tenant systems based on the verification result.
In this optional implementation manner, the execution subject may receive, in real time, an access request sent by a user through a user side. If it is determined that the user is not accessing the multi-tenant system for the first time, the access target of the user may be determined from the request. If it is determined that the access target and the accessed tenant system belong to the same enterprise and the access target has not yet been accessed by the user, for example TB, this is the case in which the user is accessing, for the first time, another tenant system belonging to the same enterprise in the multi-tenant system. It is understood that the access target may also be a tenant system that has not been accessed by the user and does not belong to the same enterprise as the accessed tenant system.
For the above situation, after a user accesses any tenant system, the authentication token of the user (which may include a user authentication token and/or an enterprise authentication token) is stored in the cache. Therefore, when a user accesses another tenant system TB, it may be determined whether a user authentication token U_TOKEN is stored in the cache. If the U_TOKEN is stored, the enterprise authentication token C_TOKEN is checked to determine whether the enterprise authenticated by the C_TOKEN is the same as the enterprise to which the accessed tenant system TA belongs; if it is the same, the user has access right to the other tenant systems TB of the current enterprise. If the enterprise authenticated by the C_TOKEN is not the same as the enterprise to which the accessed tenant system TA belongs, the user does not have the access right.
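The re-access and cross-tenant checks described above, as an added example that is not code from the patent. Tokens are modelled as opaque random strings looked up server-side; the class and method names, the tenant-to-enterprise table and the revoke operation are assumptions. The example follows the variant in which the token is re-checked even when a session already exists, and it compares the enterprise bound to C_TOKEN with the enterprise of the tenant being requested.

```python
import secrets

# Constructed sample data: which enterprise each tenant system belongs to.
TENANT_ENTERPRISE = {"TA": "acme", "TB": "acme", "TC": "globex"}


class AuthCenter:
    """Toy authentication center: token cache plus per-tenant session records."""

    def __init__(self):
        self.token_cache = {}  # U_TOKEN -> {"user": ..., "c_token": ...}
        self.c_tokens = {}     # C_TOKEN -> enterprise it authenticates
        self.sessions = set()  # (tenant, U_TOKEN) pairs with session control

    def register(self, user, enterprise):
        """After single sign-on succeeds: mint U_TOKEN and C_TOKEN, cache both."""
        u_token = secrets.token_urlsafe(16)
        c_token = secrets.token_urlsafe(16)
        self.c_tokens[c_token] = enterprise
        self.token_cache[u_token] = {"user": user, "c_token": c_token}
        return u_token

    def revoke(self, u_token):
        """Drop the cached tokens; existing sessions stop being honoured."""
        cached = self.token_cache.pop(u_token, None)
        if cached is not None:
            self.c_tokens.pop(cached["c_token"], None)
        self.sessions = {s for s in self.sessions if s[1] != u_token}

    def access(self, tenant, u_token):
        """Decide one request for `tenant` that presents `u_token`."""
        if tenant not in TENANT_ENTERPRISE:
            return "deny: unknown tenant"
        cached = self.token_cache.get(u_token)
        if cached is None:
            # No cached U_TOKEN: the user must go through single sign-on.
            return "sso-required"
        enterprise = self.c_tokens.get(cached["c_token"])
        if enterprise != TENANT_ENTERPRISE[tenant]:
            # C_TOKEN authenticates a different enterprise: tenant isolation.
            return "deny: other enterprise"
        if (tenant, u_token) in self.sessions:
            return "allow: existing session"
        self.sessions.add((tenant, u_token))
        return "allow: session created"


if __name__ == "__main__":
    center = AuthCenter()
    token = center.register("alice", "acme")
    for tenant in ("TA", "TA", "TB", "TC"):
        print(tenant, center.access(tenant, token))
```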
In this embodiment, a trusted external system is allowed to access a unified user authentication center (the execution subject) by being provided with an appid/appsecret, and the authentication center accesses the user authentication field of the third-party system through the extension module to complete the registration and authentication logic of the user, so that the user can log in to the multi-tenant system transparently. The login efficiency is improved.
In this embodiment, the method may automatically complete the authorized login to the tenant system for a user authentication integration system inside the enterprise or the user authentication integration system of a third-party system. If the target business system is the user authentication integration system of a system developed in-house by the enterprise, a standard user registration and authentication process is established, and the external system automatically completes the authorized login to the tenant system through browser redirection and encrypted authentication fields. If the third-party system supports a standard authorization protocol (OAuth 2.0, SAML 2.0 and the like), the third-party system completes the automatic authorized login to the tenant system through the authentication identifier.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
According to an embodiment of the present disclosure, there is also provided an apparatus for implementing the access method of the multi-tenant system, as shown in fig. 2, the apparatus includes: a determining unit 201, configured to, in response to receiving a request for a user to access a multi-tenant system through a target business system, determine an authentication token for single sign-on included in the request; a verification unit 202 configured to verify validity of the authentication token; a determining unit 203 configured to determine whether the user has authorization information for single sign-on to the multi-tenant system if the result of the check indicates that the authentication token is valid; an accessing unit 204 configured to access the multi-tenant system based on the parameters contained in the request if the user has the authorization information.
As an optional implementation manner of this embodiment, the apparatus further includes: a configuration unit configured to, in response to receiving a configuration request sent by the target business system, configure an identity for the target business system; and a generating unit configured to generate an authentication token for single sign-on for the target business system based on the identity.
As an optional implementation manner of this embodiment, the apparatus further includes: an obtaining unit configured to obtain user information from the target business system based on the authentication token if the user does not have the authorization information; a processing unit configured to generate an authentication token authenticating the user based on the user information, so that the user accesses the multi-tenant system through the authentication token.
As an optional implementation manner of this embodiment, the apparatus further includes: an authority determination unit configured to determine a current access authority of a user based on an authentication token authenticating the user in response to receiving a request for the user to access the multi-tenant system through a target business system.
The embodiment of the present disclosure provides an electronic device, as shown in fig. 3, the electronic device includes one or more processors 31 and a memory 32, where one processor 31 is taken as an example in fig. 3.
The controller may further include: an input device 33 and an output device 34.
The processor 31, the memory 32, the input device 33 and the output device 34 may be connected by a bus or other means, and fig. 3 illustrates the connection by a bus as an example.
The processor 31 may be a Central Processing Unit (CPU). The processor 31 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or combinations thereof. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 32, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the control methods in the embodiments of the present disclosure. The processor 31 executes various functional applications of the server and data processing, i.e. the access method of the multi-tenant system implementing the above-described method embodiments, by running the non-transitory software programs, instructions and modules stored in the memory 32.
The memory 32 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of a processing device operated by the server, and the like. Further, the memory 32 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 32 may optionally include memory located remotely from the processor 31, which may be connected to a network connection device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 33 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the processing device of the server. The output device 34 may include a display device such as a display screen.
One or more modules are stored in the memory 32, which when executed by the one or more processors 31 perform the method as shown in fig. 1.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing related hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the processes of the embodiments of the motor control methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a flash memory, a Hard Disk Drive (HDD), a Solid State Drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kinds described above.
Although the embodiments of the present disclosure have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the present disclosure, and such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1. An access method of a multi-tenant system, comprising:
in response to receiving a request for accessing a multi-tenant system through a target business system, determining an authentication token for single sign-on included in the request;
performing a validity check on the authentication token;
if the result of the check indicates that the authentication token is valid, judging whether the user has authorization information for performing single sign-on to the multi-tenant system;
if the user has the authorization information, access is made to the multi-tenant system based on parameters contained in the request.
2. The method of accessing a multi-tenant system according to claim 1, wherein prior to receiving a request for access to the multi-tenant system by a user through a target business system, the method further comprises:
in response to receiving a configuration request sent by the target service system, configuring an identity for the target service system;
and generating an authentication token for single sign-on for the target service system based on the identity.
3. The method of accessing the multi-tenant system of claim 1, further comprising:
if the user does not have the authorization information, acquiring user information from the target business system based on the authentication token;
and generating an authentication token for authenticating the user based on the user information, so that the user can access the multi-tenant system through the authentication token.
4. The method of accessing the multi-tenant system of claim 3, further comprising:
in response to receiving a request for the user to access the multi-tenant system through a target business system, determining a current access right of the user based on an authentication token authenticating the user.
5. An access apparatus of a multi-tenant system, comprising:
the system comprises a determining unit and a processing unit, wherein the determining unit is configured to respond to a request of a user for accessing the multi-tenant system through a target business system, and determine an authentication token for single sign-on contained in the request;
a verification unit configured to verify validity of the authentication token;
a judging unit configured to judge whether the user has authorization information for single sign-on to a multi-tenant system if the result of the check indicates that the authentication token is valid;
an access unit configured to access the multi-tenant system based on parameters contained in the request if the user has the authorization information.
6. The access device of the multi-tenant system of claim 5, wherein the device further comprises:
the configuration unit is configured to respond to the received configuration request sent by the target service system and configure the identity for the target service system;
and the generating unit is configured to generate an authentication token for single sign-on for the target business system based on the identity.
7. The access device of the multi-tenant system of claim 5, wherein the device further comprises:
an obtaining unit configured to obtain user information from the target business system based on the authentication token if the user does not have the authorization information;
a processing unit configured to generate an authentication token authenticating the user based on the user information, so that the user accesses the multi-tenant system through the authentication token.
8. The access device of the multi-tenant system of claim 7, wherein the device further comprises:
an authority determination unit configured to determine a current access authority of a user based on an authentication token authenticating the user in response to receiving a request for the user to access the multi-tenant system through a target business system.
9. A computer-readable storage medium storing computer instructions for causing a computer to perform the method of accessing the multi-tenant system according to any one of claims 1 through 4.
10. An electronic device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to cause the at least one processor to perform the method of accessing the multi-tenant system of any one of claims 1-4.
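The flow of claims 1 to 3, sketched as an added example that is not code from the patent: the gateway configures an identity for a business system, derives an SSO token from it, validates that token on each request, and only then checks the user's authorization. Assumptions not found in the claims: the HMAC-signed `identity.expiry.mac` token layout, `SERVER_KEY`, the in-memory dictionaries, all function names, and the reduction of claim 3's per-user token to an in-memory authorization record.

```python
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: HMAC key held by the gateway
SYSTEMS = {}       # identity -> business system name (claim 2 configuration)
AUTHORIZED = {}    # user -> tenants reachable through single sign-on
# Constructed stand-in for the target business system's user directory.
BUSINESS_USERS = {"alice": {"tenants": {"tenant-a"}}}

def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def configure_system(name: str, ttl: int = 300, now=None) -> str:
    """Claim 2: assign an identity, then derive the SSO token from it."""
    identity = f"sys-{len(SYSTEMS) + 1}"
    SYSTEMS[identity] = name
    issued = int(now if now is not None else time.time())
    payload = f"{identity}.{issued + ttl}"
    return f"{payload}.{_sign(payload)}"

def check_token(token: str, now=None):
    """Validity check: well-formed, authentic, unexpired, known identity."""
    try:
        identity, expiry, mac = token.split(".")
        expires_at = int(expiry)
    except ValueError:
        return None
    if not hmac.compare_digest(mac.encode(), _sign(f"{identity}.{expiry}").encode()):
        return None
    if expires_at < (now if now is not None else time.time()):
        return None
    return identity if identity in SYSTEMS else None

def handle_access(request: dict, now=None) -> str:
    """Claims 1 and 3: validate, check authorization, then access or enrol."""
    identity = check_token(str(request.get("sso_token", "")), now)
    if identity is None:
        return "denied: invalid token"
    user, tenant = request.get("user"), request.get("tenant")
    if user not in AUTHORIZED:  # claim 3: fetch user info from the business system
        info = BUSINESS_USERS.get(user)
        if info is None:
            return "denied: unknown user"
        AUTHORIZED[user] = set(info["tenants"])
    # Request parameters are untrusted: bind the tenant to the authorization.
    if tenant not in AUTHORIZED[user]:
        return "denied: tenant not authorized"
    return f"granted: {user}@{tenant} via {SYSTEMS[identity]}"
```

The tenant check before the final return is the step the claim wording leaves implicit: a valid SSO token proves which business system sent the request, not that the tenant named in its parameters belongs to the user.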
CN202111039781.1A 2021-09-06 2021-09-06 Access method and device of multi-tenant system Pending CN113901429A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111039781.1A CN113901429A (en) 2021-09-06 2021-09-06 Access method and device of multi-tenant system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111039781.1A CN113901429A (en) 2021-09-06 2021-09-06 Access method and device of multi-tenant system

Publications (1)

Publication Number Publication Date
CN113901429A (en) 2022-01-07

Family

ID=79188895

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111039781.1A Pending CN113901429A (en) 2021-09-06 2021-09-06 Access method and device of multi-tenant system

Country Status (1)

Country Link
CN (1) CN113901429A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114793179A (en) * 2022-05-09 2022-07-26 北京明略昭辉科技有限公司 Method and system for tenant access, server and storage medium
CN115208646A (en) * 2022-07-03 2022-10-18 上海妙一生物科技有限公司 SaaS application authority management method and system
CN115208646B (en) * 2022-07-03 2024-03-26 上海妙一生物科技有限公司 SaaS application authority management method and system

Similar Documents

Publication Publication Date Title
CN109413032B (en) Single sign-on method, computer readable storage medium and gateway
US11218460B2 (en) Secure authentication for accessing remote resources
CN111556006B (en) Third-party application system login method, device, terminal and SSO service platform
TWI725958B (en) Cloud host service authority control method, device and system
CN110381031B (en) Single sign-on method, device, equipment and computer readable storage medium
WO2018036314A1 (en) Single-sign-on authentication method and apparatus, and storage medium
WO2017202312A1 (en) Message permission management method and device, and storage medium
US20160127352A1 (en) Step-up authentication for single sign-on
WO2019036012A1 (en) Application user single sign-on
CN115021991A (en) Single sign-on for unmanaged mobile devices
CN109815684B (en) Identity authentication method, system, server and storage medium
US10187386B2 (en) Native enrollment of mobile devices
CN112769735B (en) Resource access method, device and system
CN104506542A (en) Security certification method and security certification system
CN113901429A (en) Access method and device of multi-tenant system
EP3488589B1 (en) Login proxy for third-party applications
CN110175448B (en) Trusted device login authentication method and application system with authentication function
CN112039873A (en) Method for accessing business system by single sign-on
CN111241523B (en) Authentication processing method, device, equipment and storage medium
US10341345B1 (en) Network browser configuration
CN113901428A (en) Login method and device of multi-tenant system
CN114866247B (en) Communication method, device, system, terminal and server
CN112738005A (en) Access processing method, device, system, first authentication server and storage medium
CN114157472B (en) Network access control method, device, equipment and storage medium
US20230126355A1 (en) Limiting discovery of a protected resource in a zero trust access model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination