This topic describes how to configure Alibaba Cloud as a trusted SAML service provider (SP) in your identity provider (IdP) during role-based single sign-on (SSO).
- Find the SAML SP metadata URL of Alibaba Cloud in the RAM console:
  - Log on to the RAM console with an Alibaba Cloud account.
  - In the left-side navigation pane, click SSO.
  - On the Role-based SSO tab, find the SAML SP metadata URL.
- Create a SAML SP in your IdP and configure Alibaba Cloud as the relying party by using one of the following methods:
  - Copy and paste the SAML SP metadata URL of Alibaba Cloud into your IdP.
  - If your IdP does not support URL configuration, download the SAML metadata file from the URL. Then, upload the SAML metadata file when you create a SAML SP.
  - If the SAML metadata file cannot be uploaded to your IdP, configure the following
    - RelayState: Optional. If the RelayState parameter is available in your IdP, set this parameter to the URL that you want to visit. If this parameter is unspecified, you will be redirected to the homepage of the Alibaba Cloud console after SSO succeeds.

      Note: You can only specify a URL in the *.console.alibabacloud.com domain for the
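
An added example (not Alibaba Cloud's code): when the metadata file cannot be uploaded, the values an IdP form needs can be read out of the downloaded file, and a RelayState candidate can be checked against the *.console.alibabacloud.com restriction before it is saved. The sample metadata, its entityID and ACS Location, the function names and the https-only rule are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
RELAY_SUFFIX = ".console.alibabacloud.com"  # from the note: *.console.alibabacloud.com

# Constructed sample metadata; entityID and Location are placeholders,
# not the values served at the real SAML SP metadata URL.
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="urn:example:sp:placeholder">
  <SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def sp_settings(metadata: bytes) -> dict:
    """Extract the fields an IdP form asks for when metadata upload is unavailable."""
    if b"<!DOCTYPE" in metadata:  # SAML metadata needs no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(metadata)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        raise ValueError("metadata does not describe a service provider")
    acs = [(a.get("Binding"), a.get("Location"))
           for a in sp.findall(MD + "AssertionConsumerService")]
    return {"entity_id": root.get("entityID"),
            "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
            "acs": acs}


def relay_state_allowed(url: str) -> bool:
    """True only for https URLs whose host is under *.console.alibabacloud.com."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False
    # Assumption: https only. hostname excludes userinfo and port, so a URL of
    # the form "https://allowed-host@other-host/" is judged by other-host.
    return parts.scheme == "https" and host.endswith(RELAY_SUFFIX) and len(host) > len(RELAY_SUFFIX)
```

Comparing the parsed hostname, rather than searching the URL string for the domain, is what keeps look-alike hosts, query strings and userinfo prefixes from passing the check.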
What to do next
After you configure Alibaba Cloud as a trusted SAML SP, you must configure SAML assertions in your IdP. For more information, see SAML assertions for role-based SSO.