This topic describes how to configure user-based single sign-on (SSO) to HUAWEI CLOUD in IDaaS. With SSO, your enterprise members can use their enterprise accounts to log on to HUAWEI CLOUD. HUAWEI CLOUD refers to this process as federated identity authentication.
Procedure
1. Create an application
Log on to the IDaaS console.
Select an IDaaS instance and click Access Console in the Operations area.
Navigate to and search for HUAWEI CLOUD SSO. Click Add Application.
Confirm the application name and click Add Now.
2. Configure single sign-on for the application
After you add the application, you are redirected to the Single Sign-on configuration page.
Leave Logon Link empty for now. You obtain this link from the identity provider that you create in HUAWEI CLOUD in Step 3 and paste it back here.
Select the application account name property. The value of this property identifies the user to HUAWEI CLOUD and is the key that HUAWEI CLOUD matches to the IAM user during SSO logon, so choose a property that is unique and stable for each member, not one that members can change themselves.
If you are testing, set Authorization Scope to All Users. This lets you skip assigning permissions to IDaaS accounts. For production, narrow the scope to the accounts that actually need HUAWEI CLOUD access: every account in scope can start an SSO session into your HUAWEI CLOUD account.
In the Application Configuration Information section, click Download IdP Metadata and save the file to your computer. The file carries the IDaaS entity ID, its SSO endpoints and the certificate with which IDaaS signs assertions; HUAWEI CLOUD uses it to establish trust in IDaaS and to verify the assertions it receives.
3. Configure user-based SSO in HUAWEI CLOUD
Log on to the HUAWEI CLOUD IAM console.
In the navigation pane on the left, click Identity Provider.
Click Create Identity Provider.
Enter a name and click OK.
Click Modify Identity Provider or click Modify in the identity provider list.
In the Metadata Configuration section, click Add File and select the IdP Metadata file that you downloaded from IDaaS in Step 2. Click Upload File and review the parsed metadata configuration. You typically do not need to change it, but confirm that the entity ID and signing certificate shown are the ones from the file you downloaded: this is the trust anchor for every federated logon.
Copy the Logon Link, paste it into the Logon Link field for the application in IDaaS (see Step 2), and then click OK in the HUAWEI CLOUD console to create the identity provider.
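Before uploading the IdP metadata, it is worth checking what trust the file actually establishes: the entity ID, the SSO endpoints and the signing certificate whose key HUAWEI CLOUD will use to verify assertions. The script below is an added example, not IDaaS or HUAWEI CLOUD code. It assumes the downloaded file is standard SAML 2.0 IdP metadata (md: and ds: namespaces); the embedded sample metadata, its entityID, endpoints and certificate bytes are constructed placeholders rather than real IDaaS output.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample in the shape of SAML 2.0 IdP metadata. The entityID, the
# endpoints and the certificate bytes are placeholders, not real IDaaS values.
SAMPLE_CERT_B64 = base64.b64encode(b"placeholder DER certificate bytes").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://idaas.example.com/saml/idp">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idaas.example.com/saml/sso"/>
    <md:SingleSignOnService Binding="{POST}" Location="https://idaas.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def cert_fingerprint(b64: str) -> str:
    """SHA-256 fingerprint of the DER certificate, colon-separated as consoles print it."""
    der = base64.b64decode("".join(b64.split()))
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit_idp_metadata(xml_text: str) -> dict:
    """Extract the trust-relevant fields from IdP metadata and list anything that
    should stop you from uploading it (no signing cert, plaintext endpoints, ...)."""
    findings = []
    root = ET.fromstring(xml_text)
    result = {"entity_id": root.get("entityID"), "findings": findings}
    if root.tag != f"{{{MD}}}EntityDescriptor":
        findings.append("root element is not md:EntityDescriptor")
        return result
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        findings.append("no IDPSSODescriptor: not IdP metadata (SP metadata picked by mistake?)")
        return result

    # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
    certs = [
        kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", default="", namespaces=NS)
        for kd in idp.findall("md:KeyDescriptor", NS)
        if kd.get("use", "signing") == "signing"
    ]
    result["signing_cert_sha256"] = [cert_fingerprint(c) for c in certs if c.strip()]
    if not result["signing_cert_sha256"]:
        findings.append("no signing certificate: assertions from IDaaS could not be verified")
    elif len(result["signing_cert_sha256"]) > 1:
        findings.append("more than one signing certificate: confirm a key rollover is in progress")

    result["sso_endpoints"] = {
        s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
    }
    if not (set(result["sso_endpoints"]) & {REDIRECT, POST}):
        findings.append("no HTTP-Redirect or HTTP-POST SingleSignOnService endpoint")
    for binding, location in result["sso_endpoints"].items():
        if not (location or "").startswith("https://"):
            findings.append(f"SSO endpoint for {binding} is not https: {location}")

    result["want_authn_requests_signed"] = idp.get("WantAuthnRequestsSigned", "false").lower() == "true"
    result["name_id_formats"] = [n.text for n in idp.findall("md:NameIDFormat", NS)]
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(audit_idp_metadata(SAMPLE_METADATA), indent=2))
```

Run it against the real file with audit_idp_metadata(open(path).read()) and compare the reported fingerprint with the certificate HUAWEI CLOUD shows after the upload. A non-HTTPS endpoint, a missing signing certificate, or a second signing certificate nobody told you about is reason to stop and ask before creating the identity provider; when IDaaS rotates its signing certificate later, the metadata must be downloaded and uploaded again or federated logons will fail.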
4. Verify SSO
You can now log on to HUAWEI CLOUD through SSO. There are two ways to start an SSO session: from the IDaaS application portal, or from the HUAWEI CLOUD logon page.
From IDaaS: Log on to the IDaaS application portal with an IDaaS account that is within the authorization scope of the HUAWEI CLOUD SSO application. Click the HUAWEI CLOUD SSO icon to initiate SSO and log on to HUAWEI CLOUD as a federated user.
From HUAWEI CLOUD: In a private browser window, open the HUAWEI CLOUD logon page. Click More and select Federated User.
Enter your HUAWEI CLOUD account name or tenant name, select the identity provider, and click Log On.
If you already have an IDaaS session, you are logged on directly to HUAWEI CLOUD as a federated user. Otherwise, you are redirected to the IDaaS logon page, and after you authenticate to IDaaS you are logged on to HUAWEI CLOUD automatically.
5. Configure identity transformation rules
After a federated user logs on to HUAWEI CLOUD through SSO, the user appears in HUAWEI CLOUD under the default username "FederationUser". This user can log on but has no permissions, so the next step after a successful test is to configure identity transformation rules in the HUAWEI CLOUD IAM console. The rules let you:
Show users from your enterprise identity system under their own usernames in HUAWEI CLOUD instead of the shared FederationUser name, so that actions are attributable to an individual.
Grant your enterprise users permissions to use HUAWEI CLOUD resources by mapping them to IAM user groups.
For more information, see the HUAWEI CLOUD document Configure Identity Transformation Rules.
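A transformation rule has a remote part, conditions on the attributes in the assertion (any_one_of, not_any_of, with an optional regex flag), and a local part naming the IAM user and the groups to assign. The evaluator below is an added example, not HUAWEI CLOUD's implementation: it is written against that local/remote syntax as I understand it, which is an assumption to check against the linked document before copying rules, and it assumes that {n} in a local value is replaced by the first value of the n-th remote entry. The attribute name Department, the group names and the user values are constructed. It shows the behaviour the text describes: a user that no rule matches still authenticates, but lands as FederationUser with no groups.

```python
import re

DEFAULT_USER = "FederationUser"   # the name HUAWEI CLOUD shows when no rule yields a username

# Constructed attribute set, as HUAWEI CLOUD would see it in the assertion after IDaaS
# authenticates the user. The attribute names and values are placeholders.
SAMPLE_ATTRIBUTES = {
    "__NAMEID__": ["alice@example.com"],
    "Department": ["platform-eng"],
}

# Constructed rule set in the local/remote syntax of HUAWEI CLOUD identity transformation
# rules (assumed here; verify against the HUAWEI CLOUD document). {n} in a local value is
# taken to be the first value of remote[n] (assumption about placeholder numbering).
SAMPLE_RULES = [
    {   # engineers keep their own name and join cloud-operators
        "remote": [
            {"type": "__NAMEID__"},
            {"type": "Department", "any_one_of": ["platform-eng", "sre"]},
        ],
        "local": [
            {"user": {"name": "{0}"}},
            {"group": {"name": "cloud-operators"}},
        ],
    },
    {   # anyone whose department starts with "sec-" becomes a security auditor
        "remote": [
            {"type": "__NAMEID__"},
            {"type": "Department", "any_one_of": ["^sec-"], "regex": True},
        ],
        "local": [
            {"user": {"name": "{0}"}},
            {"group": {"name": "security-auditors"}},
        ],
    },
]


def _condition_holds(cond: dict, values: list) -> bool:
    """any_one_of / not_any_of against the attribute's values; equality unless regex is set."""
    def hit(patterns):
        if cond.get("regex"):
            return any(re.search(p, v) for p in patterns for v in values)
        return any(v in patterns for v in values)

    if "any_one_of" in cond:
        return hit(cond["any_one_of"])
    if "not_any_of" in cond:
        return not hit(cond["not_any_of"])
    return True   # a bare {"type": ...} only captures the value for {n} substitution


def evaluate_rules(rules: list, attributes: dict) -> dict:
    """Apply every rule; the first user name wins, groups from all matching rules accumulate."""
    username = None
    groups = []
    for rule in rules:
        captured = []
        for cond in rule["remote"]:
            values = attributes.get(cond["type"], [])
            if isinstance(values, str):
                values = [values]
            if not values or not _condition_holds(cond, values):
                captured = None   # one failed condition rejects the whole rule
                break
            captured.append(values[0])
        if captured is None:
            continue
        for item in rule["local"]:
            if "user" in item and username is None:
                username = item["user"]["name"].format(*captured)
            if "group" in item:
                group = item["group"]["name"].format(*captured)
                if group not in groups:
                    groups.append(group)
    # No matching rule: the user still logs on, but as FederationUser with no permissions.
    return {"username": username or DEFAULT_USER, "groups": groups, "mapped": username is not None}


if __name__ == "__main__":
    print(evaluate_rules(SAMPLE_RULES, SAMPLE_ATTRIBUTES))
    print(evaluate_rules(SAMPLE_RULES, {"__NAMEID__": ["bob@example.com"], "Department": ["marketing"]}))
```

Two things the example makes visible. A rule with no condition on a group-granting attribute (a remote part of only {"type": "__NAMEID__"}) would put every federated user into the group, so every rule that assigns a group should carry an any_one_of or not_any_of condition, and regex patterns should be anchored. And because no rule matching is not an error, run the evaluator (or the console's test) against a user outside every department before you trust the rule set: the expected result is FederationUser with no groups, not a silently granted role.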