This topic describes how to configure metadata for role-based single sign-on (SSO) based on SAML 2.0, to establish trust between your identity provider (IdP) and Alibaba Cloud (service provider).


  1. Log on to the RAM console with an Alibaba Cloud account.
  2. In the left-side navigation pane, click SSO.
  3. On the Role-based SSO tab, click Create IdP.
  4. Specify the IdP Name and Note parameters.
  5. Click Upload under Metadata File to upload the SAML metadata file.
    Note The SAML metadata file, usually in the XML format, is provided by your IdP. The file contains the logon URLs, public key for verifying SAML assertions, and assertion format.
  6. Click OK.

What to do next

You can click Create RAM Role on the page that appears to create RAM roles based on your business requirements. For information about how to create RAM roles, see Create a RAM role for a trusted IdP.