You can create RAM roles for three types of trusted entity: Alibaba Cloud account, Alibaba Cloud service, and identity provider (IdP). This topic describes how to create a RAM role for a trusted IdP.
- Log on to the RAM console by using an Alibaba Cloud account.
- In the left-side navigation pane, click RAM Roles.
- On the RAM Roles page, click Create RAM Role.
- In the Create RAM Role pane, select IdP for the Trusted Entity Type parameter, and then click Next.
- Specify the RAM Role Name and Note parameters.
- Select a trusted IdP, view the conditions, and then click OK.
Note: Only the saml:recipient condition key is supported. This condition key is required and cannot be changed.
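The following added example is not from the original page and is not Alibaba Cloud's own code. It audits a role's trust policy JSON for what the steps above should produce: a single named SAML IdP as the Federated principal and an exact-match saml:recipient condition. The policy layout is an assumption, and the recipient URL, account ID, and IdP name are placeholders.

```python
import json

# Placeholder: replace with the saml:recipient value the console shows
# when you select the trusted IdP in the last step.
EXPECTED_RECIPIENT = "https://signin.example.com/saml-role/sso"

def as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_idp_trust_policy(policy_json, expected=EXPECTED_RECIPIENT):
    """Return findings for a role's trust policy; an empty list means it passed."""
    findings, idp_statements = [], 0
    for n, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        principal = stmt.get("Principal") or {}
        federated = as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not federated:
            continue  # not a statement that trusts an IdP
        idp_statements += 1
        for arn in map(str, federated):
            if "*" in arn or ":saml-provider/" not in arn:
                findings.append(f"statement {n}: principal {arn!r} is not one named SAML IdP")
        # Only an exact-match operator counts; StringLike etc. is reported as missing.
        cond = (stmt.get("Condition") or {}).get("StringEquals") or {}
        recipients = as_list(cond.get("saml:recipient"))
        if not recipients:
            findings.append(f"statement {n}: no StringEquals condition on saml:recipient")
        elif recipients != [expected]:
            findings.append(f"statement {n}: unexpected saml:recipient {recipients!r}")
    if idp_statements == 0:
        findings.append("no Allow statement trusts an IdP (Federated principal)")
    return findings

# Constructed sample policies; the account ID and IdP name are placeholders.
IDP = "acs:ram::<account-id>:saml-provider/<idp-name>"
GOOD = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Federated": [IDP]},
    "Condition": {"StringEquals": {"saml:recipient": EXPECTED_RECIPIENT}}}]})
NO_CONDITION = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Federated": [IDP]}}]})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("NO_CONDITION", NO_CONDITION)):
        print(name, audit_idp_trust_policy(doc) or "ok")
```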
What to do next
After you create a RAM role, you can click Add Permissions to RAM Role to grant permissions to the RAM role. For more information, see Grant permissions to a RAM role.