
CloudSSO: Overview

Last Updated: Oct 09, 2023

CloudSSO supports single sign-on (SSO) based on Security Assertion Markup Language (SAML) 2.0. In this setup, Alibaba Cloud is the service provider (SP) and the identity management system of an enterprise is the identity provider (IdP). SSO allows enterprise employees to access CloudSSO by using their user identities in the IdP. If you use CloudSSO, you need to configure settings only once to easily implement SSO from an IdP to Alibaba Cloud.

Procedure

  1. Specify Alibaba Cloud as a trusted SAML SP in an IdP and configure SAML assertions. For example, configure the NameID attribute in the assertions.

    The operations vary based on the IdP. For more information, see the documentation of your IdP.

  2. Specify the IdP as a trusted SAML IdP in the CloudSSO console.

    To configure an IdP, you can select Manual Configuration or Upload Metadata File. If you select Manual Configuration, you can configure only the following parameters that are required for SSO to take effect: Entity ID, Logon URL, and Certificate. If you need to configure more parameters, create the IdP metadata file by using the IdP client and select Upload Metadata File. After you configure the IdP, enable SSO. For more information, see Configure SSO.

  3. Use System for Cross-domain Identity Management (SCIM) to synchronize users, or create users that have the same usernames as the IdP users in the CloudSSO console.

    For more information about how to use SCIM synchronization, see Synchronize users or groups in Azure AD by using SCIM and Synchronize users or groups in Okta by using SCIM.

    If the IdP contains a small number of users, you can create users that have the same usernames as the IdP users in the CloudSSO console. When you create a user, set the name of the user to the value of the NameID attribute in the SAML assertions. For more information, see Create users.

  4. Log on to the Alibaba Cloud Management Console as an IdP user by using SSO.
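
A pre-flight check for steps 2 and 3, as an added example that is not part of the original documentation or Alibaba Cloud's own code: it pulls the three Manual Configuration values out of a SAML 2.0 IdP metadata file and checks that an assertion's NameID matches an existing CloudSSO username. The mapping of Logon URL to the `SingleSignOnService` `Location`, the exact-match username comparison, and all sample values (idp.example.com, the placeholder certificate, alice@example.com) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample: hypothetical IdP, placeholder certificate body.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
# Constructed sample assertion fragment (unsigned; used for the NameID check only).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
</saml:Assertion>"""

def _parse(xml_text):
    # SAML documents never need a DTD; refuse one to avoid entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in SAML documents")
    return ET.fromstring(xml_text)

def manual_config_values(metadata_xml):
    """Return Entity ID, Logon URL and Certificate from IdP metadata, or raise."""
    root = _parse(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor")
    sso = idp.find("md:SingleSignOnService", NS)
    certs = [kd.findtext(".//ds:X509Certificate", "", NS).strip()
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"]  # no 'use' = any purpose
    values = {"Entity ID": root.get("entityID"),
              "Logon URL": sso.get("Location") if sso is not None else None,
              "Certificate": next(filter(None, certs), None)}
    missing = [name for name, value in values.items() if not value]
    if missing:
        raise ValueError("metadata lacks: " + ", ".join(missing))
    return values

def nameid_has_user(assertion_xml, cloudsso_usernames):
    """True if the assertion's NameID exactly equals a CloudSSO username (assumed rule)."""
    name_id = _parse(assertion_xml).findtext("saml:Subject/saml:NameID", namespaces=NS)
    return name_id is not None and name_id.strip() in cloudsso_usernames
```
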

References

FAQ

FAQ about SSO