This tutorial explains how to create an IDaaS instance, configure a single sign-on (SSO) application, and use IDaaS to log on to Alibaba Cloud.
Create a free instance
You can create IDaaS 2.0 instances for free. Most features are also free. For information about billable items, see Product Billing.
Go to the Alibaba Cloud IDaaS console to open the EIAM 2.0 instance list page.
On the instance list page, click Create Instance. Select the checkbox to agree to the terms and create the instance.
After the instance is created, click the instance ID or Access Console to go to the IDaaS Management Console. In the lower-right corner, click Trial version to start a 15-day trial. You can start one trial per instance.
Create an account
Identity as a Service (IDaaS) lets you manage organizational structures and enterprise accounts in the cloud, including employees in product R&D, O&M, human resources, and sales, along with temporary staff and contractors.
IDaaS accounts can access all authorized enterprise applications through a unified logon.
In addition to adding accounts manually, IDaaS supports several methods for importing organizations and accounts. For more information, see Account data synchronization.
Add an account manually
In the navigation pane on the left, navigate to the Accounts and Orgs page and click Create Account.
Fill out the form to add your first account.
After you add your first account, you can log on to the user portal from the instance logon page. The URL for the instance logon page is available at the top of the Quick Start page.
Create an application
Applications are a key component of IDaaS. They enable SSO to other applications and account synchronization between IDaaS and those applications.
The following example shows how to configure an Alibaba Cloud user-based SSO application for IDaaS account logon to the Alibaba Cloud Management Console.
Add an application
Click .
Note: IDaaS provides pre-integrated templates for common enterprise software. These templates are optimized for a simple, one-click setup.
For other commercial or in-house applications, you can use the Standard Protocols and Custom Applications templates.
In the application marketplace, find the Alibaba Cloud User SSO template. Click Add Application. Enter an Application Name and click Add Immediately. You are redirected to the application's configuration page.
Configure single sign-on
SSO requires configuration in both IDaaS and the target application. The Alibaba Cloud user-based SSO application uses the SAML 2.0 protocol and offers a one-click configuration to simplify the setup.
Configure the IDaaS SSO application
After you create the application, you are redirected to the SSO configuration panel. Some parameters are pre-filled with default values. Keep the default values.
At the bottom of the configuration page, download the metadata file. This file contains all SSO configuration information. You will upload this file to Resource Access Management (RAM) in the next step.
On the application authorization tab, click . Select the accounts to authorize for the application and click Save Authorization.
Configure Alibaba Cloud Resource Access Management (RAM)
By default, the IDaaS username is used as the application account name for the SSO application. First, confirm that the IDaaS username matches the corresponding username in RAM. If not, create the RAM user first. For information about how to flexibly associate application accounts, see Configure application accounts. To proceed, go to the RAM SSO configuration page.
Go to the RAM SSO configuration page. Switch to the User-based SSO tab and click Edit.
Set the SSO status to Enabled. Upload the metadata file that you downloaded from IDaaS.
Click OK to complete the configuration. You can now use your IDaaS account to access the Alibaba Cloud User SSO application.
Verify the single sign-on result
You have now configured SSO. Next, verify that you can use the application to log on to Alibaba Cloud.
Log on to the user portal
You can obtain the URL for the user portal from the Quick Start page, the Accounts menu, or the User Portal column on the instance list page.
Open the portal URL in a browser to open the IDaaS console.
Note: IDaaS supports multiple logon methods. Administrators can manage these methods from the Logon menu.
Log on with the account that you created in the previous steps. You are directed to the IDaaS user portal.
Single sign-on
The IDaaS portal displays all applications that the administrator has configured and authorized for you.
Click your SSO application to initiate the single sign-on process.
After you click the application, you are logged on to Alibaba Cloud in a new browser tab.