You can create RAM roles for three types of trusted entities: Alibaba Cloud account, Alibaba Cloud service, and identity provider (IdP). This topic describes how to create a RAM role for a trusted IdP.


  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. In the left-side navigation pane, click RAM Roles.
  3. On the RAM Roles page, click Create RAM Role.
  4. In the Create RAM Role pane, select IdP for the Trusted Entity Type parameter, and then click Next.
  5. Specify the RAM Role Name and Note parameters.
  6. Select a trusted IdP, view the conditions, and then click OK.
    Note: Only the saml:recipient condition key is supported. This condition key is required and cannot be changed.
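
The following is an added example, not part of the original documentation or of Alibaba Cloud's own code: a check you can run over the exported trust policy of a role created this way, to confirm that every statement trusting an IdP still carries the saml:recipient condition. Assumptions: the trust policy JSON layout (a `Federated` principal with a `StringEquals` condition), the recipient URL, and the helper names; the account ID and IdP name in the sample are constructed placeholders.

```python
import json

# Assumption: SAML sign-in endpoint of the international site; pass the value
# the console shows for your account if it differs.
EXPECTED_RECIPIENT = "https://signin.alibabacloud.com/saml-role/sso"

def as_list(value):
    """Policy elements may hold a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_idp_trust_policy(policy_text, expected_recipient=EXPECTED_RECIPIENT):
    """Return findings for the trust policy of a role that trusts an IdP."""
    findings, federated_seen = [], False
    policy = json.loads(policy_text)
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        providers = as_list(principal.get("Federated"))
        if not providers:
            continue  # statement trusts an account or a service, not an IdP
        federated_seen = True
        if any("*" in p for p in providers):
            findings.append(f"statement {i}: wildcard in Federated principal")
        string_equals = (stmt.get("Condition") or {}).get("StringEquals") or {}
        recipients = as_list(string_equals.get("saml:recipient"))
        if not recipients:
            findings.append(f"statement {i}: saml:recipient condition is missing")
        elif any(r != expected_recipient for r in recipients):
            findings.append(f"statement {i}: unexpected saml:recipient {recipients}")
    if not federated_seen:
        findings.append("no Allow statement trusts an IdP")
    return findings

def sample_policy(condition):
    """Constructed trust policy; account ID and IdP name are placeholders."""
    statement = {"Effect": "Allow", "Action": "sts:AssumeRole",
                 "Principal": {"Federated": ["acs:ram::1234567890123456:saml-provider/example-idp"]}}
    if condition:
        statement["Condition"] = condition
    return json.dumps({"Version": "1", "Statement": [statement]})

if __name__ == "__main__":
    good = sample_policy({"StringEquals": {"saml:recipient": EXPECTED_RECIPIENT}})
    print(audit_idp_trust_policy(good))                  # compliant policy
    print(audit_idp_trust_policy(sample_policy(None)))   # condition stripped
```

An empty list means every IdP-trusting statement is pinned to the expected recipient; any finding points at the statement index to review.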

What to do next

After you create a RAM role, you can click Add Permissions to RAM Role to grant permissions to the RAM role. For more information, see Grant permissions to a RAM role.