Third-party Platform

TA3.1 version, TA supertube can be in the system management function module, set binding third-party app, to achieve:

• Login using a third-party scan the code
• In the third-party app workbench one click login TA
• Use the third-party app to receive TA dynamics

Note: This guidance does not apply to SaaS and customers logging in using LDAP authentication.

**Please follow the doc step by step to realize all the above functions **.

Currently support WeCom, DingTalk or Feishu application binding, click the product name to view the corresponding binding guide:

• WeCom
• DingTalk
• Feishu

I. Bind Third Party Applications

1.1 WeCom

Step 1 Create an app

The WeCom administrator enters the WeCom Admin console (opens new window)and creates an application in "Application Management" - "Application" - "Self-built"

• Upload application logo, if using TA logo, please click to download (opens new window)
• Fill in the application name, such as TA platform
• Fill in the application introduction
• Select visible scope, the operator himself needs to add to the visible scope, only the visible scope staff can log in to the TA platform through WeCom authorization

Step 2 Set up to enter the TA platform from the WeCom client side

Click to enter the created application, in the "Function" module at the bottom of the page, click Set "Workbench Application Home Page", and fill in the application home page address in the pop-up box: https://privatization cluster address/#/login (such as https://ta.thinkingdata.cn/#/login)

Step 3 Get WeCom account information

In the "Developer Interface" → "Web Authorization and JS-SDK" at the bottom of the page, click "Set Trusted Domain Name" and enter the trusted domain name (privatized cluster address) in the pop-up box

Step 4 Login using WeCom scan the code

In "Developer Interface" → "WeCom Authorized Login", click "Settings"

On the Settings page, select "Web Page" → "Set Authorization Callback Domain". Enter the privatization cluster address and click Save.

The above operations are completed in the settings of the WeCom Admin console. Please complete the following configuration on the TA platform.

Step 5 Binding WeCom applications in TA system management

Enter System Management, click Third Party Platform Management, select WeCom, and click Bind.

• Business ID: WeCom's Admin console "My Business" - "Business Information"
• AgentId & Secret: Created App Home

The above operation completes the binding of TA system and WeCom.

1.2 DingTalk

WARNING

Due to the DingTalk cookie security policy, you need to use Https to access the DingTalk workbench. Please contact TA operations personnel to change the ta-web component configuration after completing the following actions.

Step 1 Create an app

After logging in, enter the DingTalk open API (opens new window)and click "Build your own application" in the "Workbench"

In "In-house Development", select "H5 Micro Application" and click Create Application

• Application Type: H5 Micro Application
• Application name: such as TA platform
• Application description
• Application icon: If using TA logo, please click to download (opens new window)
• Development method: enterprise self-help development

Step 2 Set up to enter the TA platform from the DingTalk client side workbench

On the details page of the micro-application you created, select "Development Management", edit the following content and save

• Development mode: development application
• Server egress IP: List of legitimate IPs when calling the DingTalk server level API
• Application home page address: https://privatization cluster address/#/login, such as https://ta.thinkingdata.cn/#/login
• PC home page address: https://privatization cluster address/#/login

Step 3 Get DingTalk login account information

Click "Permissions Management" on the current page, set the permission range, and add "Address Book Read-Only Permissions" interface permissions

Step 4 Set up the application scope & publish the application

Select employees for authorization, only employees within the scope of use can log on to the TA platform through DingTalk authorization

Step 5 Open the login using DingTalk scan the code

In the left navigation bar, select "Login" in the "Mobile Access Application" module, and click "Create scan the code to log in to the application authorization"

• Name: such as TA platform
• Description
• Authorized LOGO address: privatization cluster address
• Callback domain name: privatization cluster address

The above operation completes the setting of the DingTalk Admin console. The following steps are the corresponding settings on the TA platform.

Step 6 Binding DingTalk application in TA system management

Enter "System Management", click "Third Party Platform Management", select DingTalk, and click Bind

• CorpID: can be found in the homepage of DingTalk development platform
• AppID & appSecret: "Application Development" → "Mobile Access Application" → View in "Login" (opens new window)
• AgentId & AppKey & AppSecret: "Application Development" → "H5 Micro Application" → Click on the created application to view

The above operation is to complete the binding of TA system and DingTalk.

1.3 Feishu

Step 1 The Feishu administrator enters the Feishu open API (opens new window), clicks "Create Application", and selects "Create Enterprise Self-built Application"

• Application type: enterprise self-built application
• Application name: such as TA platform
• Application Subtitle
• Application icon: If using TA logo, please click to download (opens new window)

Step 2 Set up to enter the TA platform from the Feishu client side workbench

Click to enter the created application, click "Application Functions" → "Web Page":

1. Click Enable Page
2. Configure desktop home page: https://privatization cluster address/#/login. such as https://ta.thinkingdata.cn/#/login
3. Configure mobile end homepage: https://privatization cluster address/#/login

Step 3 Set up the white list of the login-free authorization code URL

Click "Security Settings" to configure the redirect URL: https://privatized cluster address/v1/sso/thirdLogin/callback

Step 4 Configure the message receiving function

Click "Rights Management" to add "Get user userid", "Send message as an application", "Send message permission to multiple users in batch"

Click "Application Function" → "Robot", click "Enable Robot"

Step 5 Set up the app visible scope & publish the app

Select employees for authorization, only employees within the visible scope can log on to the TA platform through Feishu authorization

note

Versions involving changes in personnel permissions need to be reviewed by the Feishu administrator. After the review is passed, the release candidate can take effect.

The above operations will complete the application settings of the Feishu open API. Please complete the following configuration on the TA platform.

Step 6 Binding Feishu applications in TA system management

Enter "System Management", click "Third Party Platform Management", select Feishu, and click Bind.

• App ID & App Secret: View in Created App Credentials and Basic Information

The above operation completes the binding of TA system and Feishu.

II. Bind TA Account

After the supertube completes the binding of the TA system and the third-party app, TA members can bind their personal accounts.

2.1 Bind Existing TA account

(1) After logging in, complete the binding on the "Personal Settings" page

TA members enter the "Personal Settings" page and click Bind Personal Account. Take WeCom as an example, click Bind on the "Personal Settings" page, and scan the code to complete the binding of WeCom account and TA account

• Note: Only members within the visible scope are applied to complete the binding

(2) Complete the binding on the login page

On the TA login page, click the application login portal, scan the code, enter the TA account password, and click Bind

2.2 Get TA account through third-party app

After the super management completes the binding of the third-party app in the system management, the user can create a TA account by scanning the code on the TA login page

• Note: Only members within the visible scope can be created

The new account created has no project permission by default. You need to contact the administrator to add an account to the project in the project management to complete the project authorization.

III. Unbind Account

The third-party account and TA account are bound one-to-one. If you want to switch the binding relationship when you prompt the account to be bound, you can unbind the current account and bind the new account again:

(1) **S**can the code to log in to the bound account

(2) Enter the **'**Personal Settings"**'**** page to unbind the current ****account**

• The untied account can only be logged in through the TA account password. If the account continues to be used, please make sure to remember the account name and password

**(3) ****Log in to the TA account to be bound to complete the binding again**