# Third-party Platform
TA3.1 version, TA supertube can be in the system management function module, set binding third-party app, to achieve:
- Login using a third-party scan the code
- In the third-party app workbench one click login TA
- Use the third-party app to receive TA dynamics
Note: This guidance does not apply to SaaS and customers logging in using LDAP authentication.
**Please follow the doc step by step to realize all the above functions **.
Currently support WeCom, DingTalk or Feishu application binding, click the product name to view the corresponding binding guide:
# I. Bind Third Party Applications
# 1.1 WeCom
Step 1 Create an app
The WeCom administrator enters the WeCom Admin console (opens new window)and creates an application in "Application Management" - "Application" - "Self-built"
- Upload application logo, if using TA logo, please click to download (opens new window)
- Fill in the application name, such as TA platform
- Fill in the application introduction
- Select visible scope, the operator himself needs to add to the visible scope, only the visible scope staff can log in to the TA platform through WeCom authorization
Step 2 Set up to enter the TA platform from the WeCom client side
Click to enter the created application, in the "Function" module at the bottom of the page, click Set "Workbench Application Home Page", and fill in the application home page address in the pop-up box: https://SERVER_ADDRESS/#/login (such as https://ta.thinkingdata.cn/#/login)
Step 3 Get WeCom account information
In the "Developer Interface" → "Web Authorization and JS-SDK" at the bottom of the page, click "Set Trusted Domain Name" and enter the trusted domain name (self-hosting cluster address) in the pop-up box
Step 4 Login using WeCom scan the code
In "Developer Interface" → "WeCom Authorized Login", click "Settings"
On the Settings page, select "Web Page" → "Set Authorization Callback Domain". Enter the self-hosting cluster address and click Save.
The above operations are completed in the settings of the WeCom Admin console. Please complete the following configuration on the TA platform.
Step 5 Binding WeCom applications in TA system management
Enter System Management, click Third Party Platform Management, select WeCom, and click Bind.
- Business ID: WeCom's Admin console "My Business" - "Business Information"
- AgentId & Secret: Created App Home
The above operation completes the binding of TA system and WeCom.
# 1.2 DingTalk
WARNING
Due to the DingTalk cookie security policy, you need to use Https to access the DingTalk workbench. Please contact TA operations personnel to change the ta-web component configuration after completing the following actions.
Step 1 Create an app
After logging in, enter the DingTalk open API (opens new window)and click "Build your own application" in the "Workbench"
In "In-house Development", select "H5 Micro Application" and click Create Application
- Application Type: H5 Micro Application
- Application name: such as TA platform
- Application description
- Application icon: If using TA logo, please click to download (opens new window)
- Development method: enterprise self-help development
Step 2 Set up to enter the TA platform from the DingTalk client side workbench
On the details page of the micro-application you created, select "Development Management", edit the following content and save
- Development mode: development application
- Server egress IP: List of legitimate IPs when calling the DingTalk server level API
- Application home page address: https://SERVER_ADDRESS/#/login, such as https://ta.thinkingdata.cn/#/login
- PC home page address: https://SERVER_ADDRESS/#/login
Step 3 Get DingTalk login account information
Click "Permissions Management" on the current page, set the permission range, and add "Address Book Read-Only Permissions" interface permissions
Step 4 Set up the application scope & publish the application
Select employees for authorization, only employees within the scope of use can log on to the TA platform through DingTalk authorization
Step 5 Open the login using DingTalk scan the code
In the left navigation bar, select "Login" in the "Mobile Access Application" module, and click "Create scan the code to log in to the application authorization"
- Name: such as TA platform
- Description
- Authorized LOGO address: SERVER_ADDRESS
- Callback domain name: SERVER_ADDRESS
The above operation completes the setting of the DingTalk Admin console. The following steps are the corresponding settings on the TA platform.
Step 6 Binding DingTalk application in TA system management
Enter "System Management", click "Third Party Platform Management", select DingTalk, and click Bind
- CorpID: can be found in the homepage of DingTalk development platform
- AppID & appSecret: "Application Development" → "Mobile Access Application" → View in "Login" (opens new window)
- AgentId & AppKey & AppSecret: "Application Development" → "H5 Micro Application" → Click on the created application to view
The above operation is to complete the binding of TA system and DingTalk.
# 1.3 Feishu
Step 1 The Feishu administrator enters the Feishu open API (opens new window), clicks "Create Application", and selects "Create Enterprise Self-built Application"
- Application type: enterprise self-built application
- Application name: such as TA platform
- Application Subtitle
- Application icon: If using TA logo, please click to download (opens new window)
Step 2 Set up to enter the TA platform from the Feishu client side workbench
Click to enter the created application, click "Application Functions" → "Web Page":
- Click Enable Page
- Configure desktop home page: https://SERVER_ADDRESS/#/login. such as https://ta.thinkingdata.cn/#/login
- Configure mobile end homepage: https://SERVER_ADDRESS/#/login
Step 3 Set up the white list of the login-free authorization code URL
Click "Security Settings" to configure the redirect URL: https://SERVER_ADDRESS/v1/sso/thirdLogin/callback
Step 4 Configure the message receiving function
Click "Rights Management" to add "Get user userid", "Send message as an application", "Send message permission to multiple users in batch"
Click "Application Function" → "Robot", click "Enable Robot"
Step 5 Set up the app visible scope & publish the app
Select employees for authorization, only employees within the visible scope can log on to the TA platform through Feishu authorization
note
Versions involving changes in personnel permissions need to be reviewed by the Feishu administrator. After the review is passed, the release candidate can take effect.
The above operations will complete the application settings of the Feishu open API. Please complete the following configuration on the TA platform.
Step 6 Binding Feishu applications in TA system management
Enter "System Management", click "Third Party Platform Management", select Feishu, and click Bind.
- App ID & App Secret: View in Created App Credentials and Basic Information
The above operation completes the binding of TA system and Feishu.
# II. Bind TA Account
After the supertube completes the binding of the TA system and the third-party app, TA members can bind their personal accounts.
# 2.1 Bind Existing TA account
(1) After logging in, complete the binding on the "Personal Settings" page
TA members enter the "Personal Settings" page and click Bind Personal Account. Take WeCom as an example, click Bind on the "Personal Settings" page, and scan the code to complete the binding of WeCom account and TA account
- Note: Only members within the visible scope are applied to complete the binding
(2) Complete the binding on the login page
On the TA login page, click the application login portal, scan the code, enter the TA account password, and click Bind
# 2.2 Get TA account through third-party app
After the super management completes the binding of the third-party app in the system management, the user can create a TA account by scanning the code on the TA login page
- Note: Only members within the visible scope can be created
The new account created has no project permission by default. You need to contact the administrator to add an account to the project in the project management to complete the project authorization.
# III. Unbind Account
The third-party account and TA account are bound one-to-one. If you want to switch the binding relationship when you prompt the account to be bound, you can unbind the current account and bind the new account again:
(1) Scan the code to log in to the bound account
**(2) Enter the 'Personal Settings"' page to unbind the current **account
- The untied account can only be logged in through the TA account password. If the account continues to be used, please make sure to remember the account name and password
**(3) **Log in to the TA account to be bound to complete the binding again