Connect to a Lark data source

SASE enforces identity-driven security policies. If your enterprise uses Lark to manage its organizational structure, you can connect your Lark data source to SASE. This eliminates the need to create separate identity information for your employees. After you connect the Lark data source, your employees can use their existing enterprise accounts to log on to the SASE app and access internal applications. This topic describes how to connect a Lark data source.

Limitations

You can enable a maximum of five data sources at a time. Only one of them can be a custom data source. If you reach this quota, you must disable an existing data source to enable a new one.

Configure Lark data source

  1. Log on to the SASE console.

  2. In the left-side navigation pane, choose Identity Authentication > Identity Access.

  3. On the Identity synchronization tab, click Create IdP.

  4. In the Create IdP panel, select Lark, click Configure, and then follow the steps in the wizard to complete the configuration.

  5. In the Basic Configurations step, configure the following parameters.

    Parameter: Description

    IdP Name: The name of the Lark data source. The name must be 2 to 100 characters in length and can contain Chinese characters, letters, digits, hyphens (-), and underscores (_).

    Description: The description of the configuration. The description is displayed on the SASE client as the logon title to help users identify the data source at logon.

    IdP Status: Configure the status for the identity source. The valid values are:

    • Enabled: The identity source is enabled after it is created.

    • Closed: The identity source is disabled after it is created.

      Important

      If you disable an identity source, end users cannot use the SASE app to access internal applications. Proceed with caution.

    App ID: The ID of the enterprise-built application in the Lark Open Platform.

    App Secret: The secret of the enterprise-built application in the Lark Open Platform.

    Advanced Settings > Event Subscription: After you configure event subscription, the organizational structure is synchronized to SASE. This ensures that SASE security policies are promptly updated when your organizational structure changes.

    • Encrypt Key: Obtain this value from the Contacts Synchronization page on the Lark Open Platform.

    • Verification Token: Obtain this value from the Contacts Synchronization page of your target application on the Lark Open Platform.

    • Request URL: This value is used to configure a redirect URL on the Lark Open Platform.

      Subscribed events: Department Created, Department Deleted, Department Information Changed, Employee Resigned, and Employee Information Changed.

    Redirect URL: A fixed value: https://login.aliyuncsas.com/open-dev/feishu. This value is used to configure the redirect URL in Lark Open Platform > Developer Console > Enterprise-built Application > Security Settings.

    Automatic Synchronization: After you enable Automatic Synchronization, the system automatically synchronizes information from Lark based on the synchronization mode. If you do not enable Automatic Synchronization, you must manually synchronize the organizational structure. For more information, see View synchronization records.

    Synchronize User Information: After you enable Synchronize User Information, the system automatically synchronizes employee information from Lark at the interval specified by Automatic Synchronization Cycle.

    Note

    If Automatic Synchronization is disabled, the Synchronize User Information feature is also disabled.

    Automatic Synchronization Cycle: Set the Automatic Synchronization Cycle interval. The value can be from 1 to 24 hours.

    Logo: Upload a custom logo.

  6. Click Connectivity Test. After the test is successful, click Next.

    Note

    If the Connection Failed message appears, verify that the information you entered is correct.

  7. In the Synchronization Settings step, configure the synchronization scope for the organizational structure and map the synchronization fields. Then, click Ok.

    Parameter: Description

    Organizational Structure Synchronization: Configure the synchronization scope for the organizational structure.

    • Synchronize All: Synchronizes the entire organizational structure from Lark to SASE.

    • Partially Synchronize: Synchronizes only the organizational units that you select.

    Field Synchronization Mapping: Map the organizational structure fields from Lark to the corresponding fields in SASE.

    Note

    If the built-in Local Field After Mapping fields of the SASE system do not meet your business requirements, you can click View Extended Fields in the upper-right corner of the list. In the View Extended Fields panel, you can add, edit, or delete extended fields.

View synchronization records

  1. On the Identity synchronization tab, find the IdP that you created and click Synchronize Records in the Actions column.

  2. On the Synchronize Records page, view the synchronization history for the IdP.

  3. In the Synchronization Task area on the left, click a specific task to view its details in the list on the right.

  4. Click Details in the Actions column of a task to view the field information from the Third-party Data Source and the SASE Data Source for that synchronization.

Manual synchronization

If you did not enable Automatic Synchronization when you configured the IdP, or if your IdP's structure has changed, you must synchronize the information manually. Click Create Synchronization Task and then click OK. After the task is complete, you can view the synchronization records.

Note

After a successful synchronization, you can view the updated organizational structure and user information on the Identity Authentication > Identity Access > Employee Center tab. For more information, see Employee Center.

Disable automatic synchronization

  • On the Identity synchronization tab, find the IdP and turn off the switch in the Automatic Synchronization column.

  • In the Edit IdP panel, turn off the automatic synchronization switch.

Edit Lark data source

On the Identity synchronization page, find the Lark data source and click Edit in the Actions column.

Disable Lark data source

On the Identity synchronization page, find the Lark data source and turn off the switch in the IdP Status column.

Delete Lark data source

On the Identity synchronization page, find the Lark data source and click Delete in the Actions column.

Related topics

Configure a custom data source

If your enterprise does not use an existing data source, you can use the custom data source provided by SASE to build an organizational structure. For more information, see Connect to a custom data source.

Connect to a third-party data source

If your enterprise already uses LDAP, DingTalk, WeCom, Lark, or IDaaS to manage its organizational structure, you can connect that data source to SASE.

Configure a user group

To create user groups separate from your organizational structure, see User group management.