
Resource Access Management: Manage a SAML IdP

Last Updated: Jun 28, 2023

Before you implement role-based single sign-on (SSO), you must create a Security Assertion Markup Language (SAML) identity provider (IdP). This topic describes how to create, view, modify, and delete a SAML IdP.

Create a SAML IdP

Before you create a SAML IdP, make sure that you have obtained the metadata file of the IdP. The metadata file is in XML format and contains the logon URLs, the public key that is used to verify SAML assertions, and the assertion format.

  1. Log on to the Resource Access Management (RAM) console with an Alibaba Cloud account.

  2. In the left-side navigation pane, choose Integrations > SSO.

  3. On the Role-based SSO tab, click the SAML tab and click Add IdP.

  4. On the Create IdP page, configure IdP Name and Remarks.

  5. In the Metadata File section, click Upload File to upload the metadata file that is obtained from your IdP.

  6. Click OK.

View the basic information about a SAML IdP

  1. Log on to the RAM console with an Alibaba Cloud account.

  2. In the left-side navigation pane, choose Integrations > SSO.

  3. On the Role-based SSO tab, click the SAML tab and click the IdP whose basic information you want to view.

  4. In the IdP Details section, view the basic information about the IdP, such as IdP Name, IdP Type, Created At, Updated At, ARN, and Remarks.

Modify the basic information about a SAML IdP

You can modify only the description and metadata file.

  1. Log on to the RAM console with an Alibaba Cloud account.

  2. In the left-side navigation pane, choose Integrations > SSO.

  3. On the Role-based SSO tab, click the SAML tab and click the IdP whose basic information you want to modify.

  4. Modify the basic information about the SAML IdP:

    • To modify the IdP description, click Edit to the right of Remarks.

    • To upload another metadata file, click Replace Metadata.

      Warning

      Upload a valid metadata file that you obtained from the IdP. Otherwise, single sign-on (SSO) fails.

Delete a SAML IdP

  1. Log on to the RAM console with an Alibaba Cloud account.

  2. In the left-side navigation pane, choose Integrations > SSO.

  3. On the Role-based SSO tab, click the SAML tab. Then, find the SAML IdP that you want to delete and click Remove in the Actions column.

  4. In the Remove IdP message, click OK.

    Warning

    After you delete a SAML IdP, role-based SSO cannot be implemented between your business system and RAM.