This topic describes how to configure Alibaba Cloud as a trusted SAML service provider (SP) in your identity provider (IdP) during user-based single sign-on (SSO).
- Find the SAML SP metadata URL from the Alibaba Cloud RAM console.
  - Log on to the RAM console with an Alibaba Cloud account.
  - In the left-side navigation pane, click SSO.
  - Click the User-based SSO tab.
  - In the SSO Settings section, find the value of the SAML Service Provider Metadata URL parameter.
- Create a SAML SP in your IdP and configure Alibaba Cloud as the relying party by using one of the following methods:
  - Copy and paste the SAML SP metadata URL of Alibaba Cloud into your IdP.
  - If your IdP does not support URL configuration, download the SAML metadata file from the URL. Then, upload the SAML metadata file when you create a SAML SP.
  - If the SAML metadata file cannot be uploaded to your IdP, configure the following
    - Entity ID: the value of the `entityID` attribute in the `md:EntityDescriptor` element of the metadata XML file.
    - ACS URL: the value of the `Location` attribute in the `md:AssertionConsumerService` element of the metadata XML file.
    - RelayState: Optional. If the `RelayState` parameter is available in your IdP, set this parameter to the URL that you want to visit. If this parameter is unspecified, you will be redirected to the homepage of the Alibaba Cloud console after SSO succeeds.

      Note: You can only specify a URL in the `*.console.alibabacloud.com` domain for the
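
The manual fallback above, as an added example that is not part of the original documentation or Alibaba Cloud's own code: it reads the Entity ID and ACS URL out of a metadata file and checks a RelayState value against the `*.console.alibabacloud.com` rule. The sample metadata values, the function names, and the https-only requirement are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
RELAY_SUFFIX = ".console.alibabacloud.com"  # from the note on RelayState

# Constructed sample metadata; entityID and Location are placeholder values.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/0000000000000000/saml/SSO">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_settings(metadata_xml):
    """Return (entity_id, acs_url) read from SAML SP metadata XML."""
    # SAML metadata never needs a DTD; refuse one instead of expanding entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD found in metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("root element is not md:EntityDescriptor")
    acs = root.findall("{%s}SPSSODescriptor/{%s}AssertionConsumerService" % (MD, MD))
    entity_id = root.get("entityID")
    if not entity_id or not acs:
        raise ValueError("entityID or AssertionConsumerService missing")
    # Prefer the endpoint marked isDefault="true", else the first one listed.
    chosen = next((a for a in acs if a.get("isDefault") == "true"), acs[0])
    location = chosen.get("Location")
    # Assumption of this example: only an https ACS URL is acceptable.
    if not location or urlsplit(location).scheme != "https":
        raise ValueError("ACS Location is not an https URL")
    return entity_id, location


def relay_state_allowed(url):
    """True if url is https and its host is under *.console.alibabacloud.com."""
    # Backslashes and whitespace are parsed differently by different clients.
    if "\\" in url or any(c.isspace() for c in url):
        return False
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return False
    # Assumption: the wildcard needs at least one label before the suffix.
    ok_host = host.endswith(RELAY_SUFFIX) and len(host) > len(RELAY_SUFFIX)
    return ok_host and url.lower().startswith("https://")
```

Run `sp_settings` on the file downloaded from the SAML Service Provider Metadata URL and paste the two returned values into the IdP's Entity ID and ACS URL fields.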
What to do next
After you configure Alibaba Cloud as a trusted SAML SP, you must configure SAML assertions in your IdP. For more information, see SAML assertions for user-based SSO.