CN117014191A - Safe login method and device based on SaaS application, electronic equipment and storage medium - Google Patents


Publication number
CN117014191A
Authority
CN
China
Prior art keywords
user
application
saas application
saas
identity
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310835353.2A
Other languages
Chinese (zh)
Inventor
彭春臣
曾立军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Uxun Information Technology Co ltd
Original Assignee
Shenzhen Uxun Information Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/40 Network security protocols

Abstract

The present application relates to the field of data security technologies, and in particular to a secure login method and apparatus based on a SaaS application, an electronic device, and a storage medium. The application uses the combination of the organization identifier of the SaaS application and the application environment identifier of the third party application, instead of the mobile phone number, as the user identifier for security verification, and authorizes the user to log in to the SaaS application automatically after the verification succeeds. Because the application environment identifier of the third party application is unique, verifying and automatically logging in with the organization identifier of the SaaS application and the application environment identifier of the third party application as the user identifier effectively ensures the security of the user's data in the SaaS application. Because an authorized user logs in to the SaaS application automatically, login efficiency and the user experience are improved.

Description

Safe login method and device based on SaaS application, electronic equipment and storage medium
Technical Field
The present application relates to the field of data security technologies, and in particular to a secure login method and apparatus based on a SaaS application, an electronic device, and a storage medium.
Background
At present, Internet businesses mainly use Software as a Service (SaaS) applications as staged marketing scenarios to attract traffic and acquire customers. A SaaS application mainly uses the mobile phone number as the identifier of a user, and performs active pushing, message notification and the like through the mobile phone number.
In the course of realizing the present application, the inventors found that a mobile phone number can be changed, reclaimed and inherited by a new holder, so a mobile phone number cannot guarantee the unique identity of a user. In addition, when the holder of a mobile phone number changes, the activity data generated under that number can be inherited, which makes the attribution of the data insecure.
Disclosure of Invention
In view of the above, the present application provides a secure login method and apparatus based on a SaaS application, an electronic device and a storage medium, to solve the technical problem that a mobile phone number is insecure as a user identifier in a SaaS application.
A first aspect of the application provides a secure login method based on a SaaS application, the method comprising:
when a login instruction of a user entering a SaaS application from a third party application is detected, acquiring a user identifier of the user, wherein the user identifier comprises an organization identifier of the SaaS application and an application environment identifier of the third party application;
verifying whether the user identifier exists;
and when the user identifier is verified to exist, authorizing the user to log in to the SaaS application automatically.
In an alternative embodiment, the method further comprises:
when an entry instruction of the user is received on an activity page, acquiring a user state of the user;
determining the activity entry permission corresponding to the user state;
and managing the user's entry to the activity page according to the activity entry permission.
In an alternative embodiment, the method further comprises:
responding to a viewing instruction of the user on target service data, and acquiring the type and service validity period of the target service data;
in response to a viewing instruction of the user on target activity data, acquiring the level type and the activity validity period corresponding to the target activity data;
determining a viewing mode of the user according to the level type of the target activity data;
determining a viewing category of the target activity data according to the activity validity period;
and allowing the user to view the target activity data in the viewing mode and the viewing category.
In an alternative embodiment, the method further comprises:
when the user identifier is verified to exist, acquiring the mobile phone number of the user;
judging, according to the acquired mobile phone number, whether the mobile phone number stored in the SaaS application database has changed;
and when the mobile phone number stored in the SaaS application database is determined to have changed, updating the mobile phone number stored in the SaaS application database.
In an alternative embodiment, the method further comprises:
when the user identifier is verified not to exist, automatically registering the user according to the user identifier.
In an alternative embodiment, the method further comprises:
when the user identifier is verified to exist, acquiring the mobile phone number of the user from the SaaS application database;
sending a verification code to the mobile phone number, and displaying a verification code input page;
when the verification code input page receives the verification code entered by the user, comparing the verification code entered by the user with the verification code that was sent;
and when the verification code entered by the user is consistent with the verification code that was sent, authorizing the user to log in to the SaaS application automatically.
In an alternative embodiment, the method further comprises:
when the verification code entered by the user is inconsistent with the verification code that was sent, jumping to display the third party application;
performing security verification on the user through the third party application;
and when the security verification of the user through the third party application succeeds, authorizing the user to log in to the SaaS application automatically.
A second aspect of the present application provides a security login device based on a SaaS application, the device comprising:
a detection module, configured to acquire a user identifier of a user when a login instruction of the user entering a SaaS application from a third party application is detected, wherein the user identifier comprises an organization identifier of the SaaS application and an application environment identifier of the third party application;
a verification module, configured to verify whether the user identifier exists;
and a login module, configured to authorize the user to log in to the SaaS application automatically when the user identifier is verified to exist.
A third aspect of the present application provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the SaaS application based secure login method when executing the computer program.
A fourth aspect of the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the SaaS application based secure login method.
In summary, with the secure login method and apparatus based on a SaaS application, the electronic device and the storage medium provided by the embodiments of the present application, when a user enters the SaaS application from a third party application, the user identifier of the user is acquired and checked for existence, and if the user identifier exists, the user is authorized to log in to the SaaS application automatically. The application uses the combination of the organization identifier of the SaaS application and the application environment identifier of the third party application, instead of the mobile phone number, as the user identifier for secure login. Because the application environment identifier of the third party application is unique, only one user identifier can be created from a given application environment identifier, so verifying and automatically logging in with the organization identifier of the SaaS application and the application environment identifier of the third party application as the user identifier effectively ensures the security of the user's data in the SaaS application.
Drawings
FIG. 1 is a flowchart of a secure login method based on a SaaS application according to an embodiment of the application;
FIG. 2 is a functional block diagram of a secure login device based on a SaaS application according to an embodiment of the application;
FIG. 3 is a block diagram of an electronic device according to an embodiment of the application.
Detailed Description
The terminology used in the following embodiments of the application is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in the specification of the present application, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in this disclosure encompasses any or all possible combinations of one or more of the listed items.
The terms "first", "second" and the like are used below for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more such features, and in the description of embodiments of the application, unless otherwise indicated, "a plurality" means two or more.
The secure login method based on a SaaS application provided by the embodiments of the application is executed by an electronic device, and correspondingly, the secure login device based on a SaaS application runs in the electronic device.
FIG. 1 is a flowchart of a secure login method based on a SaaS application according to an embodiment of the present application. The method specifically comprises the following steps; the order of the steps in the flowchart can be changed according to different requirements, and some steps can be omitted.
S11, acquiring a user identifier of a user when a login instruction of the user entering the SaaS application from a third party application is detected.
When a user enters the SaaS application through the third party application, the user needs to log in to the SaaS application. To make login quick and convenient, the user identifier of the user can be acquired first, and whether the user is logged in is determined through the user identifier.
The user identifier comprises an organization identifier of the SaaS application and an application environment identifier of the third party application.
The organization identifier can be understood as the unique identifier of an organization within the SaaS application scenario; it identifies the organization under which a user takes part in promotional marketing activities in the SaaS application. The same user in different organization scenarios is equivalent to two users. For example, the organization identifier corresponding to bank A is 10001 and the organization identifier corresponding to bank B is 10002.
The application environment identifier is an identity of the third party application. Third party applications may include, but are not limited to, applications such as WeChat, Alipay, Weibo and Xiaohongshu.
S12, verifying whether the user identifier exists.
After the SaaS application obtains the user identifier of the user, it needs to verify, according to the application environment identifier, whether the user identifier exists in the SaaS application database. Since the application environment identifier is unique, the user identifier created from it is also unique, so the existence of the user identifier in the SaaS application database can be checked by the application environment identifier. Specifically, the application environment identifier is searched for in the SaaS application database. When the same application environment identifier exists in the database, it is further determined whether the organization identifier in the user identifier is consistent with the organization identifier stored for that application environment identifier in the database. When the two organization identifiers are consistent, the user identifier is determined to exist in the SaaS application database. When the same application environment identifier is not found in the SaaS application database, or when the organization identifier in the user identifier is inconsistent with the organization identifier stored for that application environment identifier, the user identifier is determined not to exist in the SaaS application database.
When a user logs in to the SaaS application for the first time, a user identifier is created based on the organization identifier and the application environment identifier. After the user identifier is created successfully, the user identifier and the corresponding data information are automatically stored in the SaaS application database. When the user subsequently logs in to the SaaS application, the user can log in automatically with the user identifier.
The data information may include, but is not limited to: user name, user gender, login password, phone number, etc.
It should be appreciated that exactly one user identifier can be created from a given organization identifier and application environment identifier, and that different organization identifiers and/or different application environment identifiers create different user identifiers.
S13, when the user identifier is verified to exist, authorizing the user to log in to the SaaS application automatically.
If the user identifier is verified to exist in the SaaS application database, the user is an existing user, and automatic authorized login is performed.
In other embodiments, if the user identifier is verified not to exist in the SaaS application database, the user is a new user, and the user is automatically registered according to the user identifier.
For example, assume that user A has two organization identifiers, organization identifier 1 and organization identifier 2, and that user A has created a user identifier based on application environment identifier 1 and organization identifier 1 but has not created a user identifier based on application environment identifier 1 and organization identifier 2. If user A enters an activity page of organization 1 of the SaaS application from the third party application corresponding to application environment identifier 1, the user identifier (organization identifier 1 + application environment identifier 1) exists in the SaaS application database, so the SaaS application performs automatic authorized login. If user A enters an activity page of organization 2 of the SaaS application from the third party application corresponding to application environment identifier 1, the user identifier (organization identifier 2 + application environment identifier 1) does not exist in the SaaS application database, so user A is automatically registered with a user identifier based on organization identifier 2 and application environment identifier 1.
As another example, assume that user A has two application environment identifiers, application environment identifier 1 and application environment identifier 2, and that user A has created a user identifier on an activity page of a certain organization of the SaaS application based on application environment identifier 1 but has not created a user identifier on an activity page of that organization based on application environment identifier 2. If user A enters the activity page of that organization from the third party application corresponding to application environment identifier 1, the SaaS application automatically determines that user A is an existing user and performs automatic authorized login. If user A enters the activity page of that organization from the third party application corresponding to application environment identifier 2, the SaaS application automatically determines that user A is a new user and automatically registers a user identifier based on the organization identifier of that organization and application environment identifier 2.
Through the above embodiment, the user identifier created based on the application environment identifier and the organization identifier is unique, which is the basis for ensuring the data security of the whole SaaS application. Authenticating the user with this user identifier avoids the problem that, when the user is authenticated by mobile phone number, the activity data generated in the SaaS application becomes insecure because the mobile phone number is changed and inherited. In addition, when verification with the application environment identifier and the organization identifier as the user identifier succeeds, the user can be automatically authorized to log in to the SaaS application, so login is imperceptible to the user, login efficiency is improved, and the user experience is improved.
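Steps S11 to S13 and the two user A examples can be exercised with the sketch below, which is an added illustration and not code from the patent. The table layout, the function names and the `env-1`/`env-2` values are constructed, and the sketch assumes the application environment identifier reaches the SaaS server through a channel the server has verified with the third party application rather than as a free-form client parameter.

```python
import sqlite3


def open_db():
    """In-memory stand-in for the SaaS application database (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        """
        CREATE TABLE users (
            user_id    INTEGER PRIMARY KEY,
            org_id     TEXT NOT NULL,   -- organization identifier
            app_env_id TEXT NOT NULL,   -- application environment identifier
            UNIQUE (org_id, app_env_id) -- exactly one user identifier per pair
        )
        """
    )
    return db


def find_user(db, org_id, app_env_id):
    """S12: search by application environment identifier, then compare the
    organization identifier stored with each match."""
    rows = db.execute(
        "SELECT user_id, org_id FROM users WHERE app_env_id = ?", (app_env_id,)
    ).fetchall()
    for user_id, stored_org in rows:
        if stored_org == org_id:
            return user_id
    return None


def login_or_register(db, org_id, app_env_id):
    """S13 plus the auto-registration embodiment.

    Returns (user_id, outcome) where outcome is 'login' or 'registered'.
    """
    if not org_id or not app_env_id:
        # A user identifier needs both parts; never fall back to one of them.
        raise ValueError("organization and application environment identifiers are required")
    user_id = find_user(db, org_id, app_env_id)
    if user_id is not None:
        return user_id, "login"
    try:
        with db:  # commits on success, rolls back on error
            cur = db.execute(
                "INSERT INTO users (org_id, app_env_id) VALUES (?, ?)",
                (org_id, app_env_id),
            )
        return cur.lastrowid, "registered"
    except sqlite3.IntegrityError:
        # Another request registered the same pair first; the UNIQUE
        # constraint keeps the identifier unique, so treat this as a login.
        return find_user(db, org_id, app_env_id), "login"


def replay_page_examples():
    """Replays the user A scenarios with constructed identifier values."""
    db = open_db()
    # Pre-existing identifier: organization 10001 + application environment env-1.
    login_or_register(db, "10001", "env-1")
    return [
        login_or_register(db, "10001", "env-1")[1],  # same pair: existing user
        login_or_register(db, "10002", "env-1")[1],  # other organization: new user
        login_or_register(db, "10001", "env-2")[1],  # other environment: new user
        login_or_register(db, "10002", "env-1")[1],  # now registered: existing user
    ]


if __name__ == "__main__":
    print(replay_page_examples())
```

The `UNIQUE (org_id, app_env_id)` constraint enforces the uniqueness property in the database itself, so two simultaneous first logins cannot create two accounts for one identifier.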
In an optional implementation, after the user is authorized to log in to the SaaS application automatically when the user identifier is verified to exist, and when the user needs to enter an activity page, the method further includes: when an entry instruction of the user is received on an activity page, acquiring a user state of the user;
determining the activity entry permission corresponding to the user state;
and managing the user's entry to the activity page according to the activity entry permission.
After the user is authorized to log in to the SaaS application automatically, when the user needs to enter a certain activity page, the activity page receives the entry instruction of the user, and the activity entry permission for the user state is determined by acquiring the user state of the user.
In some embodiments, the electronic device may preset a plurality of user states, and set an activity entry permission for each user state. The user state may include, but is not limited to: normal users, locked users, abnormal-list users, etc.
For example, if the user state of the user is a normal user, the user may enter an activity scene through the activity page. If the user state of the user is an abnormal-list user, the user is forbidden from entering an activity scene through the activity page. If the user state of the user is a locked user, the user can enter an activity scene through the activity page after unlocking.
In an alternative embodiment, the method further comprises:
in response to a viewing instruction of the user on target activity data, acquiring the level type and the activity validity period corresponding to the target activity data;
determining a viewing mode of the user according to the level type of the target activity data;
determining a viewing category of the target activity data according to the activity validity period;
and allowing the user to view the target activity data in the viewing mode and the viewing category.
When the user enters an activity page to participate in an activity and needs to view certain activity data in the activity, a viewing instruction for the activity data is triggered. The target activity data refers to the activity data that the user needs to view. The activity data may include, but is not limited to: task data, compliance data, lottery data, financial data, etc.
Different application environment identifiers generate different activity data, different activity data have different activity validity periods, and the viewing categories of the activity data differ accordingly.
It should be appreciated that the user can only view the activity data corresponding to the user identifier.
In some embodiments, the electronic device may set different level types for different activity data in advance, and set a viewing mode for each level type. For example, the electronic device may preset a first level type, a second level type, and a third level type, where the first level type corresponds to a first viewing mode, the second level type corresponds to a second viewing mode, and the third level type corresponds to a third viewing mode. The first level type may be a public level, the second level type may be an internal level, and the third level type may be a privacy level.
For example, assuming that the target activity data D1 is a user name and its level type is the first level type, the electronic device determines that the viewing mode of the user is the first viewing mode, that is, the target activity data may be viewed directly in the SaaS system. Assuming that the target activity data D2 is lottery data and its level type is the second level type, the electronic device determines that the viewing mode of the user is the second viewing mode; the second viewing mode requires authentication according to the organization identifier, so that the same organization identifier can view all the activity data generated under that organization identifier in the SaaS application. Assuming that the target activity data D3 is financial data and its level type is the third level type, the electronic device determines that the viewing mode of the user is the third viewing mode; the third viewing mode authenticates according to the application environment identifier and verifies through the mobile phone number and a verification code.
In some embodiments, the electronic device may also set different activity validity period types for different activity data in advance, and set a viewing category for each activity validity period type. For example, the electronic device may preset a first cycle type, a second cycle type, and a third cycle type, where the first cycle type corresponds to a first viewing category, the second cycle type corresponds to a second viewing category, and the third cycle type corresponds to a third viewing category. The first cycle type may be one-time, the second cycle type may be short-term, and the third cycle type may be long-term validity.
For example, assuming that the target activity data D1 is one-time activity data and its activity validity period belongs to the first cycle type, the electronic device determines that the viewing category of the user is the first viewing category, under which the user can view the data only when entering the SaaS application for the first time. For example, for a one-time lottery activity, the user can view the data only on first entry into the SaaS application; on subsequent entries the activity is over and the data cannot be viewed. Assuming that the target activity data D2 is short-term activity data and its activity validity period belongs to the second cycle type, the electronic device determines that the viewing category of the user is the second viewing category, under which the user can view the data only by entering the SaaS application during the short-term activity period. For example, for a 618 campaign promotion (June 17 to June 19), a user entering the SaaS application from June 17 to June 19 can view the activity data of the 618 campaign promotion, and a user entering the SaaS application outside the period of June 17 to June 19 cannot view it. Assuming that the target activity data D3 is long-term activity data and its activity validity period belongs to the third cycle type, the electronic device determines that the viewing category of the user is the third viewing category, under which the user can view the data every time the user enters the SaaS application. For example, for a login-to-earn-points activity, the user can view the activity data at any time on entering the SaaS application.
It should be noted that, since the same user may have different application environment identifiers, a user acting under one application environment identifier cannot view activity data that does not belong to that identifier. That is, the activity data that the same user generates by logging in to the SaaS application under different application environment identifiers are not interchangeable when viewed: with one application environment identifier, the user can only view the activity data generated in the SaaS application under that same application environment identifier.
Illustratively, assume that user A has two application environment identifiers, application environment identifier 1 and application environment identifier 2. User A logs in to the SaaS application and generates activity data based on application environment identifier 1, and also logs in to the SaaS application and generates activity data based on application environment identifier 2. Based on application environment identifier 1, user A can only view the activity data generated in the SaaS application with application environment identifier 1 as the user identifier; based on application environment identifier 2, user A can only view the activity data generated in the SaaS application with application environment identifier 2 as the user identifier. If user A, based on application environment identifier 1, wants to view the activity data generated in the SaaS application with application environment identifier 2 as the user identifier, user A has no permission. Likewise, if user A, based on application environment identifier 2, wants to view the activity data generated in the SaaS application with application environment identifier 1 as the user identifier, user A has no permission.
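The viewing mode and viewing category checks described above combine into a single decision, shown here as an added sketch that is not code from the patent. The class and field names and the year 2024 are constructed, and because the text does not say how the three level types compose with the per-identifier isolation, the sketch assumes organization match for the internal level and full identifier match plus a passed verification code for the privacy level.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import Optional


class Level(Enum):
    PUBLIC = "first level type"     # viewed directly
    INTERNAL = "second level type"  # authenticated by organization identifier
    PRIVATE = "third level type"    # application environment identifier + verification code


class Period(Enum):
    ONE_TIME = "first cycle type"     # only on first entry into the SaaS application
    SHORT_TERM = "second cycle type"  # only inside the activity window
    LONG_TERM = "third cycle type"    # on every entry


@dataclass(frozen=True)
class ActivityData:
    org_id: str
    app_env_id: str
    level: Level
    period: Period
    start: Optional[date] = None  # inclusive window, SHORT_TERM only
    end: Optional[date] = None


@dataclass(frozen=True)
class Viewer:
    org_id: str
    app_env_id: str
    first_entry: bool = False    # is this the user's first entry into the application?
    code_verified: bool = False  # did the phone verification code check pass?


def mode_allows(viewer, data):
    """Viewing mode, selected by the level type of the data."""
    if data.level is Level.PUBLIC:
        return True
    if data.level is Level.INTERNAL:
        return viewer.org_id == data.org_id
    if data.level is Level.PRIVATE:
        return (
            viewer.org_id == data.org_id
            and viewer.app_env_id == data.app_env_id
            and viewer.code_verified
        )
    return False  # unknown level: deny


def category_allows(viewer, data, today):
    """Viewing category, selected by the activity validity period."""
    if data.period is Period.ONE_TIME:
        return viewer.first_entry
    if data.period is Period.SHORT_TERM:
        if data.start is None or data.end is None:
            return False  # a short-term activity without a window is misconfigured
        return data.start <= today <= data.end
    if data.period is Period.LONG_TERM:
        return True
    return False  # unknown period: deny


def can_view(viewer, data, today):
    """Both checks must pass; anything unrecognised is refused."""
    return mode_allows(viewer, data) and category_allows(viewer, data, today)


# Constructed sample records mirroring D1, D2 and D3 from the text.
D1 = ActivityData("10001", "env-1", Level.PUBLIC, Period.ONE_TIME)
D2 = ActivityData("10001", "env-1", Level.INTERNAL, Period.SHORT_TERM,
                  start=date(2024, 6, 17), end=date(2024, 6, 19))
D3 = ActivityData("10001", "env-1", Level.PRIVATE, Period.LONG_TERM)
```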
In an alternative embodiment, the method further comprises:
when the user identifier is verified to exist, acquiring the mobile phone number of the user;
judging, according to the acquired mobile phone number, whether the mobile phone number stored in the SaaS application database has changed;
and when the mobile phone number stored in the SaaS application database is determined to have changed, updating the mobile phone number stored in the SaaS application database.
In some embodiments, the electronic device may obtain the mobile phone number of the user through the third party application, or may display a mobile phone number input page and obtain the mobile phone number entered by the user on that page. When the mobile phone number of the user is acquired, the electronic device automatically stores it in the SaaS application database.
The electronic device judges, according to the acquired mobile phone number, whether the mobile phone number stored in the SaaS application database has changed. If the organization identifier and the application environment identifier are the same but the acquired mobile phone number is inconsistent with the user's mobile phone number stored in the SaaS application database, the mobile phone number of the user has changed, and the acquired mobile phone number overwrites the stored one, thereby updating the user's mobile phone number stored in the SaaS application database. If the organization identifier and the application environment identifier are the same and the acquired mobile phone number is consistent with the user's mobile phone number stored in the SaaS application database, the mobile phone number of the user has not changed.
In the above optional implementation, when the user identifier is verified to exist, the mobile phone number of the user is acquired to judge whether the mobile phone number stored in the SaaS application database has changed, so that the stored mobile phone number is updated automatically when it has changed. Because the mobile phone number of the user is updated automatically, the security of the activity data generated by the user in different activity scenes can be improved.
In an alternative embodiment, to further ensure the security of the activity data based on the SaaS application, the method may further comprise:
when the user identity is verified to exist, acquiring the mobile phone number of the user from the SaaS application database;
sending a verification code to the mobile phone number, and displaying a verification code input page;
when the verification code input page receives the verification code input by the user, comparing the verification code input by the user with the transmitted verification code;
and when the verification code input by the user is compared to be consistent with the transmitted verification code, authorizing the user to automatically log in the SaaS application.
The mobile phone number is a basic attribute of the user and can also be used to check the user identity. When the user identity is verified to exist based on the organization identifier and the application environment identifier, the mobile phone number of the user is further obtained from the SaaS application database, and a verification code is sent to that number. The verification code may be a random combination of digits, letters, and so on. When the verification code input page receives the verification code entered by the user, the electronic device compares it with the transmitted verification code; when the two are consistent, the user is treated as a trusted user and is authorized to automatically log in to the SaaS application.
In this optional implementation, after the user identity has been verified based on the organization identifier and the application environment identifier, verification is performed again using the mobile phone number and the verification code. That is, the user's mobile phone number serves as auxiliary verification of the user identity that is based on the organization identifier and the application environment identifier, so that login security is doubly guaranteed and the security of the activity data in the SaaS application is further ensured.
In an alternative embodiment, the method further comprises:
when the verification code input by the user is inconsistent with the transmitted verification code, skipping to display the third party application;
carrying out security verification on the user through the third party application;
and when the security verification of the user is successful through the third party application, authorizing the user to automatically log in the SaaS application.
If the verification code entered by the user is inconsistent with the transmitted verification code, the user is treated as a non-trusted user. The third party application can then be used to perform security verification on the user, and the user is authorized to automatically log in to the SaaS application when that verification succeeds. If the third party application's security verification of the user fails, the user is required to log in to the SaaS application by entering an account and password.
In other embodiments, if the verification code input by the user is inconsistent with the transmitted verification code, the electronic device may further send the verification code to the mobile phone number again, and when the verification code input by the user is received on the verification code input page, compare the verification code input by the user again with the retransmitted verification code, and authorize the user to automatically log in to the SaaS application only when the verification code input by the user is consistent with the transmitted verification code.
In other embodiments, if the verification code entered again by the user is still inconsistent with the retransmitted verification code, the electronic device may also choose to perform auxiliary authentication in other ways, for example by e-mail or by sending a short message.
Fig. 2 is a functional block diagram of a security login device based on SaaS application according to a second embodiment of the present application.
In some embodiments, the SaaS application-based secure login device 20 may include a plurality of functional modules consisting of computer program segments. The computer program of each program segment of the SaaS application-based secure login device 20 may be stored in a memory of the electronic device and executed by at least one processor to perform the functions of the SaaS application-based secure login (see Fig. 1 for details).
In this embodiment, the SaaS application-based secure login device 20 may be divided into a plurality of functional modules according to the functions it performs. The functional modules may include: a detection module 201, a verification module 202, a login module 203 and an acquisition module 204. A module in the present application refers to a series of computer program segments, stored in a memory, that can be executed by at least one processor and perform a fixed function. The functions of the respective modules are described in detail below.
The detection module 201 is configured to obtain a user identity of a user when detecting a login instruction of the user from a third party application to a SaaS application.
When a user enters the SaaS application through the third-party application, the user needs to log in the SaaS application. In order to realize quick and convenient login, the user identity of the user can be acquired first, and whether the user is logged in or not is determined through the user identity.
The user identity comprises an organization identity of the SaaS application and an application environment identity of the third party application.
The organization identifier can be understood as the unique identifier of an organization within the SaaS application scenario, and serves as the identifier under which a user takes part in promotional marketing activities in the SaaS application. The same user counts as two different users under two different organizations. For example, the organization identifier corresponding to bank A is 10001 and the organization identifier corresponding to bank B is 10002.
The application environment identifier is the user's identity in a third party application. The third party applications may include, but are not limited to, applications such as WeChat, Alipay, Weibo and Xiaohongshu.
The verification module 202 is configured to verify whether the user id exists.
After the user identity of the user is obtained, the verification module 202 verifies, according to the application environment identifier, whether the user identity exists in the SaaS application database. Because the application environment identifier is unique, the user identity created from it is also unique, so the check can be keyed on the application environment identifier. Specifically, the application environment identifier is searched for in the SaaS application database. When the same application environment identifier is found, the module further determines whether the organization identifier in the user identity is consistent with the organization identifier stored for that application environment identifier in the SaaS application database. When the two organization identifiers are consistent, the user identity is determined to exist in the SaaS application database. When no matching application environment identifier is found, or when the organization identifier in the user identity is inconsistent with the organization identifier stored for that application environment identifier, the user identity is determined not to exist in the SaaS application database.
When a user logs in to the SaaS application for the first time, a user identity is created based on the organization identifier and the application environment identifier. After the user identity is successfully created, the user identity and the corresponding data information are automatically stored in the SaaS application database. On subsequent logins, the user is logged in to the SaaS application automatically by means of the user identity.
The data information may include, but is not limited to: user name, user gender, login password, phone number, etc.
It should be appreciated that only one user identity associated therewith can be uniquely created based on the organization identity and the application environment identity, and that different organization identities and/or different application environment identities create different user identities.
The login module 203 is configured to authorize the user to automatically log in to the SaaS application when the user identity is verified to exist.
If the user identity is verified to exist in the SaaS application database, the user is an existing user, and automatic authorized login is performed.
In other embodiments, if the verification module 202 verifies that the user id does not exist in the SaaS application database, it indicates that the user is a new user, and then the user is automatically registered according to the user id.
For example, assume that user A has two organization identifiers, organization identifier 1 and organization identifier 2. User A has created a user identity based on application environment identifier 1 and organization identifier 1, but has not created a user identity based on application environment identifier 1 and organization identifier 2. If user A enters the activity page of organization 1 of the SaaS application from the third party application corresponding to application environment identifier 1, the user identity (organization identifier 1 + application environment identifier 1) exists in the SaaS application database, so the SaaS application performs automatic authorized login. If user A enters the activity page of organization 2 of the SaaS application from the third party application corresponding to application environment identifier 1, the user identity (organization identifier 2 + application environment identifier 1) does not exist in the SaaS application database, so user A is automatically registered with a user identity based on organization identifier 2 and application environment identifier 1.
As another example, assume that user A has two application environment identifiers, application environment identifier 1 and application environment identifier 2. User A has created a user identity and activity data on the activity page of a certain organization of the SaaS application based on application environment identifier 1, but has not created a user identity on that organization's activity page based on application environment identifier 2. If user A enters the organization's activity page from the third party application corresponding to application environment identifier 1, the SaaS application automatically determines that user A is an existing user and performs automatic authorized login. If user A enters the organization's activity page from the third party application corresponding to application environment identifier 2, the SaaS application automatically determines that user A is a new user and automatically registers a user identity based on the organization identifier of that organization and application environment identifier 2.
In the above embodiment, the user identity created from the application environment identifier and the organization identifier is unique, which is the basis for the data security of the whole SaaS application. Authenticating the user by this user identity avoids the problem that arises when the user is authenticated by mobile phone number: a phone number that is changed and then inherited by someone else makes the activity data generated in the SaaS application unsafe. In addition, when verification with the application environment identifier and the organization identifier as the user identity succeeds, the user is automatically authorized to log in to the SaaS application, so that login is imperceptible to the user, login efficiency is improved, and the user experience is improved.
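The lookup and auto-registration described above, as an added example that is not code from the patent. The class and method names are hypothetical, the store is an in-memory stand-in for the SaaS application database, and it assumes the application environment identifier was obtained server-side from the third party platform rather than taken from a client-supplied parameter.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Account:
    """One user identity: the (organization id, application environment id) pair."""
    org_id: str
    env_id: str
    phone: Optional[str] = None


class SaasUserStore:
    """In-memory stand-in for the SaaS application database (hypothetical)."""

    def __init__(self) -> None:
        # env_id -> {org_id -> Account}. One third-party identity may be
        # enrolled with several organizations; each pair is a separate account.
        self._by_env: Dict[str, Dict[str, Account]] = {}

    def identity_exists(self, org_id: str, env_id: str) -> bool:
        # Step 1: search for the application environment identifier.
        orgs = self._by_env.get(env_id)
        if orgs is None:
            return False
        # Step 2: the organization identifier must also match a stored one.
        return org_id in orgs

    def login_or_register(self, org_id: str, env_id: str) -> Tuple[str, Account]:
        """Existing identity -> automatic login; unknown identity -> automatic registration."""
        if self.identity_exists(org_id, env_id):
            return "login", self._by_env[env_id][org_id]
        account = Account(org_id, env_id)
        self._by_env.setdefault(env_id, {})[org_id] = account
        return "register", account

    def sync_phone(self, org_id: str, env_id: str, phone: str) -> bool:
        """Overwrite the stored phone number if it differs; return True if it changed."""
        if not self.identity_exists(org_id, env_id):
            raise KeyError("unknown user identity")
        account = self._by_env[env_id][org_id]
        changed = account.phone != phone
        if changed:
            account.phone = phone
        return changed


if __name__ == "__main__":
    store = SaasUserStore()
    # Constructed identifiers: organizations 10001/10002, environments env-1/env-2.
    print(store.login_or_register("10001", "env-1")[0])  # first visit
    print(store.login_or_register("10001", "env-1")[0])  # returning user
    print(store.login_or_register("10002", "env-1")[0])  # same person, other organization
```

Because the account is keyed on the pair and not on the phone number, a recycled phone number never resolves to the previous owner's account.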
The obtaining module 204 is configured to obtain a user status of the user when an entry instruction of the user is received on an active page.
After the user is authorized to automatically log in the SaaS application, when the user needs to enter a certain activity page, an entering instruction of the user is received on the activity page, and the user state of the user is acquired through the acquisition module 204, so that the activity entering authority of the user state is determined.
In some embodiments, the electronic device may preset a plurality of user states, and set an activity entry authority for each user state. The user state may include, but is not limited to: normal users, locked users, abnormal list users, etc.
For example, if the user state of the user is a normal user, the user may enter an activity scene through the activity page; and if the user state of the user is an abnormal list user, the user is forbidden to enter an activity scene through the activity page. If the user state of the user is a locked user, the user can enter an activity scene through the activity page after unlocking.
The obtaining module 204 is further configured to obtain, in response to a view instruction of the user on target activity data, the level type and the activity validity period corresponding to the target activity data.
When the user enters an activity page to participate in an activity and needs to view certain activity data in the activity, a viewing instruction for the activity data is triggered. The target activity data refers to activity data that a user needs to view. The activity data may include, but is not limited to: task data, compliance data, lottery data, financial data, etc.
Different application environment identifiers generate different activity data; different activity data have different activity validity periods and different view categories.
It should be appreciated that the user can only view activity data corresponding to the user identity.
In some embodiments, the electronic device may set different level types for different activity data in advance, and set a viewing mode for each level type. For example, the electronic device may preset a first level type, a second level type and a third level type, where the first level type corresponds to a first viewing mode, the second level type corresponds to a second viewing mode, and the third level type corresponds to a third viewing mode. The first level type may be a public level, the second level type may be an internal level, and the third level type may be a privacy level.
For example, assuming that the target activity data D1 is a user name and its level type is the first level type, the electronic device determines that the viewing mode of the user is the first viewing mode, that is, the target activity data may be viewed directly in the SaaS system. Assuming that the target activity data D2 is lottery data and its level type is the second level type, the electronic device determines that the viewing mode of the user is the second viewing mode, which requires authentication according to the organization identifier, so that the same organization identifier can view all the activity data generated under that organization identifier in the SaaS application. Assuming that the target activity data D3 is financial data and its level type is the third level type, the electronic device determines that the viewing mode of the user is the third viewing mode, which authenticates according to the application environment identifier and additionally verifies through the mobile phone number and the verification code.
In some embodiments, the electronic device may also set different activity validity period types for different activity data in advance, and set a view category for each activity validity period type. For example, the electronic device may preset a first period type, a second period type and a third period type, where the first period type corresponds to a first view category, the second period type corresponds to a second view category, and the third period type corresponds to a third view category. The first period type may be one-time, the second period type may be short-term, and the third period type may be long-term valid.
For example, assuming that the target activity data D1 is one-time activity data and its activity validity period belongs to the first period type, the electronic device determines that the view category of the user is the first view category, under which the user can view the data only when entering the SaaS application for the first time. For a one-time lottery activity, for instance, the user can view it only on first entering the SaaS application; on later entries the activity is over and cannot be viewed. Assuming that the target activity data D2 is short-term activity data and its activity validity period belongs to the second period type, the electronic device determines that the view category of the user is the second view category, under which the user can view the data only when entering the SaaS application during the short-term activity period. For the 618 promotion (June 17 to June 19), for instance, a user who enters the SaaS application between June 17 and June 19 can view the activity data of the 618 promotion, and a user who enters outside that period cannot. Assuming that the target activity data D3 is long-term valid activity data and its activity validity period belongs to the third period type, the electronic device determines that the view category of the user is the third view category, under which the user can view the data every time the user enters the SaaS application. For a log-in-to-earn-points activity, for instance, the user can view the activity data whenever the user enters the SaaS application.
It should be noted that the same user may have different application environment identifiers, and under one application environment identifier the user cannot view activity data that does not belong to it. In other words, the activity data generated by the same user logging in to the SaaS application under different application environment identifiers are not mutually visible: with a given application environment identifier, the user can view only the activity data generated in the SaaS application under that identifier.
For example, assume that user A has two application environment identifiers, application environment identifier 1 and application environment identifier 2. User A logs in to the SaaS application and generates activity data under application environment identifier 1, and separately logs in and generates activity data under application environment identifier 2. Under application environment identifier 1, user A can view only the activity data generated in the SaaS application with application environment identifier 1 as the user identity; under application environment identifier 2, user A can view only the activity data generated with application environment identifier 2 as the user identity. If user A, acting under application environment identifier 1, wants to view the activity data generated with application environment identifier 2 as the user identity, user A has no permission. Likewise, if user A, acting under application environment identifier 2, wants to view the activity data generated with application environment identifier 1 as the user identity, user A has no permission.
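The three gates described above (user state, level type, activity validity period) combined into one view decision, as an added example that is not code from the patent. All names are hypothetical, the dates are constructed, and the privacy level is read here as requiring the full identity pair plus a completed verification-code check.

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum
from typing import Optional


class Level(Enum):
    PUBLIC = 1     # first level type: viewable directly
    INTERNAL = 2   # second level type: authenticated by organization identifier
    PRIVACY = 3    # third level type: application environment identifier + verification code


class Validity(Enum):
    ONE_TIME = 1   # viewable only on first entry
    SHORT_TERM = 2 # viewable only inside the activity window
    LONG_TERM = 3  # viewable on every entry


@dataclass(frozen=True)
class Session:
    org_id: str
    env_id: str
    state: str = "normal"        # "normal", "locked" or "abnormal"
    code_verified: bool = False  # phone verification code already checked
    first_entry: bool = False


@dataclass(frozen=True)
class Record:
    owner_org: str
    owner_env: str
    level: Level
    validity: Validity
    start: Optional[datetime] = None
    end: Optional[datetime] = None


def state_allows(session: Session) -> bool:
    # Locked users must be unlocked (state back to "normal") before entering;
    # abnormal-list users are always refused.
    return session.state == "normal"


def level_allows(session: Session, record: Record) -> bool:
    if record.level is Level.PUBLIC:
        return True
    if record.level is Level.INTERNAL:
        return session.org_id == record.owner_org
    # PRIVACY: data is isolated per application environment identifier.
    return (session.org_id == record.owner_org
            and session.env_id == record.owner_env
            and session.code_verified)


def validity_allows(session: Session, record: Record, now: datetime) -> bool:
    if record.validity is Validity.LONG_TERM:
        return True
    if record.validity is Validity.ONE_TIME:
        return session.first_entry
    # SHORT_TERM: fail closed when the window is not configured.
    if record.start is None or record.end is None:
        return False
    return record.start <= now <= record.end


def can_view(session: Session, record: Record, now: datetime) -> bool:
    return (state_allows(session)
            and level_allows(session, record)
            and validity_allows(session, record, now))


if __name__ == "__main__":
    promo = Record("10001", "env-1", Level.INTERNAL, Validity.SHORT_TERM,
                   datetime(2023, 6, 17), datetime(2023, 6, 19, 23, 59, 59))
    print(can_view(Session("10001", "env-1"), promo, datetime(2023, 6, 18)))
    print(can_view(Session("10001", "env-1"), promo, datetime(2023, 6, 20)))
```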
The obtaining module 204 is further configured to obtain a mobile phone number of the user when the user identity is verified to exist.
In some embodiments, the obtaining module 204 of the electronic device may obtain the mobile phone number of the user through the third party application, or may display a mobile phone number input page, and obtain the mobile phone number input by the user through the mobile phone number input page. When the obtaining module 204 obtains the mobile phone number of the user, the electronic device will automatically store the mobile phone number of the user in the SaaS application database.
The electronic device determines, according to the mobile phone number acquired by the obtaining module 204, whether the mobile phone number stored in the SaaS application database has changed. If the organization identifier and the application environment identifier are the same but the acquired mobile phone number is inconsistent with the user's mobile phone number stored in the SaaS application database, the user's mobile phone number has changed, and the acquired mobile phone number overwrites the one stored in the SaaS application database, thereby updating it. If the organization identifier and the application environment identifier are the same and the acquired mobile phone number is consistent with the stored one, the user's mobile phone number has not changed.
Through the above optional implementation manner, when the user identity is verified to exist, the obtaining module 204 obtains the mobile phone number of the user, so as to determine whether the mobile phone number stored in the SaaS application database is changed, thereby automatically updating the mobile phone number stored in the SaaS application database when the mobile phone number stored in the SaaS application database is changed. The mobile phone number of the user can be automatically updated, so that the safety of activity data generated by the user in different activity scenes can be improved.
The obtaining module 204 is further configured to obtain, from the SaaS application database, the mobile phone number of the user when the user identity is verified to exist.
The mobile phone number is used as a basic attribute of the user and can also be used for checking the user identity. When the user identity is verified to exist based on the organization identity and the application environment identity, the obtaining module 204 further obtains the mobile phone number of the user from the SaaS application database, and sends a verification code to the mobile phone number. The verification code may be a randomly combined number, letter, etc.
The verification module 202 is further configured to verify whether the verification code input by the user is consistent with the transmitted verification code.
When the verification code input page receives the verification code input by the user, the verification module 202 compares the verification code input by the user with the transmitted verification code, and when the verification code input by the user is consistent with the transmitted verification code, the verification module indicates that the user is a trusted user, and the user is authorized to automatically log in the SaaS application.
In the above optional implementation manner, on the premise that the existence of the user identity is verified by the verification module 202 based on the organization identity and the application environment identity, the verification is performed again by the mobile phone number and the verification code, that is, the user identity based on the organization identity and the application environment identity is verified in an auxiliary manner by using the mobile phone number of the user, so that the security of user login is doubly ensured, and the security of the activity data based on the SaaS application is further ensured.
When the verification module 202 finds that the verification code entered by the user is inconsistent with the transmitted verification code, the display jumps to the third party application, and security verification is performed on the user through the third party application.
The login module 203 is further configured to authorize the user to automatically log in to the SaaS application when the security verification of the user by the third party application succeeds.
If the verification code entered by the user is inconsistent with the transmitted verification code, the user is treated as a non-trusted user. The third party application can then be used to perform security verification on the user, and the user is authorized to automatically log in to the SaaS application when that verification succeeds. If the third party application's security verification of the user fails, the user is required to log in to the SaaS application by entering an account and password.
In other embodiments, if the verification code input by the user is inconsistent with the transmitted verification code, the electronic device may further send the verification code to the mobile phone number again, and when the verification code input by the user is received on the verification code input page, compare the verification code input by the user again with the retransmitted verification code through the verification module 202, and authorize the user to automatically log in to the SaaS application only when the verification code input by the user is consistent with the transmitted verification code.
In other embodiments, if the verification code entered again by the user is still inconsistent with the retransmitted verification code, the electronic device may also choose to perform auxiliary authentication in other ways, for example by e-mail or by sending a short message.
The login module 203 is further configured to authorize the user to automatically log in to the SaaS application when the verification code entered by the user is verified to be consistent with the transmitted verification code.
When the verification code input page receives the verification code entered by the user, the verification module 202 compares it with the transmitted verification code, and when the two are consistent, the login module 203 authorizes the user to automatically log in to the SaaS application.
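The verification-code step and its fallback chain, described in the method embodiment and again for modules 202 and 203, as an added example that is not code from the patent. The names are hypothetical; the code lifetime, attempt limit and single-use rule are assumptions the patent does not specify, and `third_party_verify` stands in for the third party application's security verification.

```python
import hmac
import secrets
import string
import time
from typing import Callable

ALPHABET = string.ascii_uppercase + string.digits  # "randomly combined number, letter"
CODE_LENGTH = 6
CODE_TTL_SECONDS = 300   # assumption: not specified by the patent
MAX_ATTEMPTS = 3         # assumption: not specified by the patent


class VerificationCode:
    """A single verification code sent to the phone number stored for the identity."""

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock
        # secrets draws from the OS CSPRNG; random.choice would be predictable.
        self._code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        self._expires = clock() + CODE_TTL_SECONDS
        self._attempts = 0
        self._used = False

    @property
    def code(self) -> str:
        """The value that would be handed to the SMS gateway."""
        return self._code

    def check(self, submitted: str) -> bool:
        # Refuse replayed, expired or brute-forced codes before comparing.
        if self._used or self._clock() >= self._expires:
            return False
        if self._attempts >= MAX_ATTEMPTS:
            return False
        self._attempts += 1
        # Constant-time comparison avoids leaking how many characters matched.
        ok = hmac.compare_digest(self._code.encode(), submitted.encode())
        if ok:
            self._used = True
        return ok


def decide_login(challenge: VerificationCode, submitted: str,
                 third_party_verify: Callable[[], bool]) -> str:
    """Code matches -> automatic login; otherwise third-party verification;
    if that also fails -> account/password login is required."""
    if challenge.check(submitted):
        return "auto_login"
    if third_party_verify():
        return "auto_login"
    return "password_login_required"


if __name__ == "__main__":
    challenge = VerificationCode()
    print(decide_login(challenge, challenge.code, lambda: False))
    print(decide_login(challenge, challenge.code, lambda: False))  # replay is refused
```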
Fig. 3 is a schematic structural diagram of an electronic device according to a third embodiment of the present application. In the preferred embodiment of the application, the electronic device 3 comprises a memory 31, at least one processor 32, at least one communication bus 33 and a transceiver 34.
It will be appreciated by those skilled in the art that the configuration of the electronic device shown in fig. 3 is not limiting of the embodiments of the present application, and that either a bus-type configuration or a star-type configuration is possible, and that the electronic device 3 may also include more or less other hardware or software than that shown, or a different arrangement of components.
In some embodiments, the electronic device 3 is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and its hardware includes, but is not limited to, a microprocessor, an application specific integrated circuit, a programmable gate array, a digital processor, an embedded device, and the like. The electronic device 3 may further include a user device, where the user device includes, but is not limited to, any electronic product that can interact with a user by using a keyboard, a mouse, a remote controller, a touch pad, or a voice control device, for example, a personal computer, a tablet computer, a smart phone, a digital camera, and so on.
It should be noted that the electronic device 3 is only used as an example, and other electronic products that may be present in the present application or may be present in the future are also included in the scope of the present application by way of reference.
In some embodiments, the memory 31 stores a computer program that, when executed by the at least one processor 32, performs all or part of the steps in the SaaS application based secure login method as described. The Memory 31 includes Read-Only Memory (ROM), programmable Read-Only Memory (PROM), erasable programmable Read-Only Memory (EPROM), one-time programmable Read-Only Memory (One-timeProgrammable Read-Only Memory, OTPROM), electrically erasable rewritable Read-Only Memory (EEPROM), compact disc Read-Only Memory (Compact Disc Read-Only Memory, CD-ROM) or other optical disc Memory, magnetic tape Memory, or any other medium that can be used for computer-readable storage or carrying data. Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like.
In some embodiments, the at least one processor 32 is a control unit (control unit) of the electronic device 3, connects the various components of the entire electronic device 3 using various interfaces and lines, and performs various functions of the electronic device 3 and processes data by running or executing programs or modules stored in the memory 31, and invoking data stored in the memory 31. For example, the at least one processor 32, when executing the computer program stored in the memory, implements all or part of the steps of the SaaS application-based secure login method described in the embodiments of the present application; or to implement all or part of the functionality of a security login device based on SaaS applications. The at least one processor 32 may be comprised of integrated circuits, such as a single packaged integrated circuit, or may be comprised of multiple integrated circuits packaged with the same or different functionality, including one or more central processing units (Central Processing Unit, CPU), microprocessors, digital processing chips, graphics processors, combinations of various control chips, and the like.
In some embodiments, the at least one communication bus 33 is arranged to enable communication between the memory 31, the at least one processor 32 and other components. Although not shown, the electronic device 3 may further comprise a power source (such as a battery) for powering the various components. The power source may preferably be logically connected to the at least one processor 32 via a power management device, so that charging, discharging and power consumption are managed by the power management device. The power source may also include one or more direct current or alternating current power supplies, a recharging device, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like. The electronic device 3 may further include various sensors, Bluetooth modules, Wi-Fi modules, etc., which are not described here.
The integrated units described above, when implemented in the form of software functional modules, may be stored in a computer-readable storage medium. The software functional modules are stored in a storage medium and include instructions for causing an electronic device (which may be a personal computer, an electronic device, or a network device, etc.) or a processor to perform portions of the methods described in the various embodiments of the application.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative: the division of the modules is only a division by logical function, and other divisions are possible in an actual implementation.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

Claims (10)

1. A security login method based on SaaS application, the method comprising:
when a login instruction of a user entering a SaaS application from a third party application is detected, acquiring a user identity of the user, wherein the user identity comprises a mechanism identity of the SaaS application and an application environment identity of the third party application;
checking whether the user identity exists or not;
and when the user identity mark is verified to exist, authorizing the user to automatically log in the SaaS application.
2. The SaaS application based secure login method of claim 1, further comprising:
when an entering instruction of the user is received on an activity page, acquiring a user state of the user;
determining activity entry rights corresponding to the user state;
and managing the user to enter the activity page according to the activity entry authority.
3. The SaaS application based secure login method of claim 1, further comprising:
responding to a viewing instruction of the user on target business data, and acquiring a class type and an activity validity period corresponding to the target activity data;
determining a viewing mode of the user according to the grade type of the target activity data;
determining a viewing category of the target activity data according to the activity validity period;
allowing the user to view the target activity data in the view mode and the view category.
4. A SaaS application based secure login method according to any one of claims 1 to 3, wherein the method further comprises:
when the user identity is verified to exist, acquiring the mobile phone number of the user;
judging whether the mobile phone number stored in the SaaS application database is changed or not according to the acquired mobile phone number;
and when the mobile phone number stored in the SaaS application database is determined to be changed, updating the mobile phone number stored in the SaaS application database.
5. The SaaS application based secure login method of claim 4, further comprising:
and when the user identity is verified to be absent, automatically registering the user according to the user identity.
6. A SaaS application based secure login method according to any one of claims 1 to 3, wherein the method further comprises:
when the user identity is verified to exist, acquiring the mobile phone number of the user from a SaaS application database;
sending a verification code to the mobile phone number, and displaying a verification code input page;
when the verification code input page receives the verification code input by the user, comparing the verification code input by the user with the transmitted verification code;
and when the verification code input by the user is compared to be consistent with the transmitted verification code, authorizing the user to automatically log in the SaaS application.
7. The SaaS application based secure login method of claim 6, further comprising:
when the verification code input by the user is inconsistent with the transmitted verification code, skipping to display the third party application;
carrying out security verification on the user through the third party application;
and when the security verification of the user is successful through the third party application, authorizing the user to automatically log in the SaaS application.
8. A SaaS application-based secure login device, the device comprising:
the detection module is used for acquiring a user identity of the user when detecting a login instruction of the user from a third party application to a SaaS application, wherein the user identity comprises a mechanism identity of the SaaS application and an application environment identity of the third party application;
the verification module is used for verifying whether the user identity mark exists or not;
and the login module is used for authorizing the user to automatically login the SaaS application when the user identity mark is verified to exist.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the SaaS application based secure login method of any one of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the SaaS application based secure login method of any one of claims 1 to 7.
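The login decision flow of claims 1, 5, 6 and 7, modelled in Python as an added example; it is not code from the patent or the applicant. Combining those claims into one flow, the in-memory storage, the `send_code` and `third_party_verify` hooks, the single-use code and the constant-time comparison are all assumptions of this example, and the sample identifiers and phone number are constructed.

```python
import hmac
import secrets


class SaaSLogin:
    """In-memory model of the claimed flow; storage and hooks are constructed."""

    def __init__(self, send_code, third_party_verify):
        self.users = {}    # (mechanism_id, app_env_id) -> stored phone number
        self.pending = {}  # identity -> verification code awaiting entry
        self.send_code = send_code                    # hypothetical SMS hook
        self.third_party_verify = third_party_verify  # hypothetical fallback hook

    def begin(self, mechanism_id, app_env_id, phone):
        identity = (mechanism_id, app_env_id)
        if identity not in self.users:
            # Claim 5: identity absent, register the user automatically.
            self.users[identity] = phone
            return "registered"
        # Claim 6: identity exists, send a code to the number in the database.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[identity] = code
        self.send_code(self.users[identity], code)
        return "code_sent"

    def complete(self, mechanism_id, app_env_id, entered):
        identity = (mechanism_id, app_env_id)
        sent = self.pending.pop(identity, None)  # assumption: code is single use
        if sent is None:
            return "denied"  # no code outstanding for this identity
        # Assumption: constant-time comparison, which the claims do not specify.
        if hmac.compare_digest(sent.encode(), entered.encode()):
            return "authorized"
        # Claim 7: mismatch, hand the user back to the third-party application.
        return "authorized" if self.third_party_verify(identity) else "denied"


if __name__ == "__main__":
    outbox = []  # constructed stand-in for an SMS gateway
    flow = SaaSLogin(lambda phone, code: outbox.append((phone, code)),
                     lambda identity: False)
    print(flow.begin("mech-001", "env-app-a", "13800000000"))  # first visit
    print(flow.begin("mech-001", "env-app-a", "13800000000"))  # later visit
    print(flow.complete("mech-001", "env-app-a", outbox[-1][1]))
```
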

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310835353.2A CN117014191A (en) 2023-07-07 2023-07-07 Safe login method and device based on SaaS application, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310835353.2A CN117014191A (en) 2023-07-07 2023-07-07 Safe login method and device based on SaaS application, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117014191A true CN117014191A (en) 2023-11-07

Family

ID=88566504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310835353.2A Pending CN117014191A (en) 2023-07-07 2023-07-07 Safe login method and device based on SaaS application, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117014191A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination