This topic describes how to create a Resource Access Management (RAM) role for a trusted identity provider (IdP). This type of RAM role is used to implement single sign-on (SSO) between Alibaba Cloud and a trusted IdP.
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, click RAM Roles.
- On the RAM Roles page, click Create RAM Role.
- In the Create RAM Role panel, select IdP for Trusted entity type and click Next.
- Specify the RAM Role Name and Note parameters.
- Select a trusted IdP, view the conditions, and then click OK.
  Note: Only the saml:recipient condition key is supported. This condition key is required and cannot be changed.
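
Once the role exists, its trust policy can be reviewed offline against the rule in the note above. The following is an added example, not Alibaba Cloud's own code: the sample policy is constructed, the account ID and IdP name are placeholders, and the recipient URL is an assumed value to replace with the one shown in the console.

```python
import json

# Constructed sample of a trust policy for a role whose trusted entity is an IdP.
# <account-id>, <idp-name> and the recipient URL are placeholders/assumptions.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Principal": {"Federated": ["acs:ram::<account-id>:saml-provider/<idp-name>"]},
      "Condition": {"StringEquals": {"saml:recipient": "https://signin.aliyun.com/saml-role/sso"}}
    }
  ]
}
""")

def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_recipient):
    """Return findings for Allow statements that trust a federated IdP."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not federated:
            continue  # not an IdP trust statement, nothing to check here
        condition = stmt.get("Condition") or {}
        recipients = _as_list(condition.get("StringEquals", {}).get("saml:recipient"))
        # Any key other than saml:recipient is outside what the note allows.
        other_keys = sorted({k for op in condition.values() if isinstance(op, dict)
                             for k in op if k != "saml:recipient"})
        if not recipients:
            findings.append(f"statement {i}: no StringEquals saml:recipient condition")
        elif recipients != [expected_recipient]:
            findings.append(f"statement {i}: unexpected saml:recipient {recipients}")
        if other_keys:
            findings.append(f"statement {i}: unsupported condition keys {other_keys}")
    return findings

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_POLICY, "https://signin.aliyun.com/saml-role/sso"))
```

An empty list means every IdP trust statement carries exactly the expected saml:recipient condition.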
What to do next
After you create a RAM role, the RAM role has no permissions. You can grant permissions to the RAM role. For more information, see Grant permissions to a RAM role.