This topic describes how to create a RAM role for a trusted identity provider (IdP). You can create a RAM role for three types of trusted entities: trusted Alibaba Cloud accounts, trusted Alibaba Cloud services, and trusted IdPs.
- Log on to the RAM console.
- In the left-side navigation pane, click RAM Roles.
- Click Create RAM Role, select IdP, and then click Next.
- Enter a RAM role name and description.
- Select a trusted IdP and click OK.
Note: In the Condition Keyword column, only the keyword saml:recipient (which is required and cannot be modified) is currently allowed.
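The resulting trust policy can be checked offline to confirm that the IdP trust is pinned to the expected saml:recipient value. The following Python script is an added example, not part of the original documentation. It assumes the RAM trust policy JSON layout (a Federated principal and a StringEquals condition) and the recipient URL shown, and the sample policies are constructed with placeholder account ID and IdP name.

```python
import json

# Assumption: role-based SSO endpoint of the international site; override if yours differs.
EXPECTED_RECIPIENT = "https://signin.alibabacloud.com/saml-role/sso"

def as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, expected=EXPECTED_RECIPIENT):
    """Return (statement_index, finding) pairs for statements that trust an IdP."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        federated = as_list(principal.get("Federated"))
        if not federated:
            continue  # not an IdP trust statement
        if any("*" in p for p in federated):
            findings.append((i, "wildcard in Federated principal"))
        condition = stmt.get("Condition") or {}
        recipients = as_list(condition.get("StringEquals", {}).get("saml:recipient"))
        if not recipients:
            findings.append((i, "saml:recipient is not pinned with StringEquals"))
        elif any(r != expected for r in recipients):
            findings.append((i, "unexpected saml:recipient value"))
    return findings

# Constructed sample policies; account ID and IdP name are placeholders.
GOOD = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Federated": ["acs:ram::<account-id>:saml-provider/<idp-name>"]},
    "Condition": {"StringEquals": {"saml:recipient": EXPECTED_RECIPIENT}}}]})
BAD = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Federated": ["acs:ram::<account-id>:saml-provider/<idp-name>"]}}]})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(doc) or "ok")
```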
What to do next
After you create a RAM role, you can click Add Permissions to RAM Role to grant permissions to the role. For more information, see Grant permission to a RAM user.