
Isolation Solution Without CAM Sub-accounts

Applicable Scenarios

Suitable for enterprises or platforms with white-label/brand customization requirements: users (employees or external users) interact only with enterprise/platform-owned domains and are never exposed to Tencent Cloud. The solution can integrate with existing SSO/LDAP systems or self-owned account systems to achieve unified login.

Solution Overview

This solution integrates the TCB login process with the self-owned identity system by using enterprise/platform systems as an authorization middleware layer, thus avoiding the need to create Tencent Cloud accounts for each user:

  • Users log in using self-owned accounts (such as employee ID, corporate email, or platform accounts) without requiring Tencent Cloud accounts
  • Users can be internal enterprise employees or external users/customers of the platform
  • All authorization processes are completed under the self-owned domain (auth.your-domain.com)
  • The system is responsible for maintaining the mapping relationships between users and TCB environments
  • A dedicated TCB environment is automatically created for users upon first login

Overall Architecture


Login Process


Responsibilities of All Parties

| Role | Responsibilities |
| --- | --- |
| Enterprise/Platform Systems | User identity authentication; maintain user↔environment mapping; act as an agent to apply for device codes and rewrite authorization links to own domain; environments are automatically created upon first login |
| OpenClaw | Acts as the access point for users, initiating the login process on their behalf and displaying the authorization link and login result |
| Tencent Cloud TCB | Provides capabilities including environment creation, device code authorization, and temporary credential issuance |
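
The middleware responsibilities above (rewriting the authorization link to the own domain, keeping the user↔environment mapping, creating an environment on first login), sketched as an added example that is not Tencent Cloud or OpenClaw code. The Broker class, the /device path, the create_env callback and the RFC 8628-style field names in the constructed upstream response are assumptions.

```python
import secrets
import time
from urllib.parse import urlencode

AUTH_BASE = "https://auth.your-domain.com/device"  # own domain from the page; path assumed

# Constructed upstream device-code response; RFC 8628 field names are an assumption.
SAMPLE_UPSTREAM = {"user_code": "WDJB-MJHT",
                   "verification_uri": "https://upstream.example/device",
                   "expires_in": 600}


class Broker:
    """In-memory stand-in for the enterprise/platform middleware (hypothetical)."""

    def __init__(self, create_env):
        self.create_env = create_env  # callback that provisions a new environment
        self.env_by_user = {}         # user -> environment mapping, server-side only
        self.pending = {}             # opaque handle -> pending login

    def env_for(self, user):
        # First login provisions a dedicated environment; later logins reuse it.
        if user not in self.env_by_user:
            self.env_by_user[user] = self.create_env(user)
        return self.env_by_user[user]

    def start_login(self, upstream, now=None):
        """Keep the upstream link server-side; hand out a link on the own domain."""
        now = time.time() if now is None else now
        handle = secrets.token_urlsafe(16)  # unguessable and carries no upstream data
        self.pending[handle] = {"upstream": dict(upstream),
                                "expires": now + upstream["expires_in"]}
        return f"{AUTH_BASE}?{urlencode({'h': handle})}"

    def approve(self, handle, sso_user, now=None):
        """Run after SSO login on the own domain; return the environment id or None."""
        now = time.time() if now is None else now
        entry = self.pending.pop(handle, None)  # pop: every handle is single use
        if entry is None or now > entry["expires"]:
            return None  # unknown, replayed or expired link: nothing is provisioned
        # Completing the upstream authorization with entry["upstream"] is out of scope.
        # The environment comes from the mapping keyed by the SSO identity, never
        # from a value supplied in the request.
        return self.env_for(sso_user)
```
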

Applicable Scenarios

  • White-label/OEM Requirements: Enterprises do not want users to be exposed to the Tencent Cloud™ brand and provide AI development environments under their own brand
  • For External Users: SaaS platforms, education platforms, etc. provide AI development environments for external users/customers, who do not need to care about the underlying cloud services
  • Existing SSO System: The enterprise has a unified identity authentication system (LDAP, WeCom, DingTalk, etc.) and wants to integrate login with it
  • Compliance Requirements: Enterprises need to autonomously control the mapping relationships between users and cloud resources
  • Fine-grained Authorization: Enterprises wish to autonomously control the list of environments accessible to users

Getting Started

Let users be aware of only your brand, with TCB silently supporting it from behind.