Create a SAML identity provider (IdP) in RAM to establish trust between your external IdP and Alibaba Cloud for role-based SSO.
Prerequisites
Obtain the SAML 2.0 metadata document from your IdP. This XML file contains the IdP entity ID, logon endpoints, and signing certificate for verifying SAML assertions.
Procedure
- Log on to the RAM console as a RAM administrator.
- In the left-side navigation pane, choose .
- On the Role-based SSO tab, click the SAML tab, and then click Create IdP.
- On the Create IdP page, enter an IdP Name and a Note.
- In the Metadata File section, click Upload Metadata File and upload the metadata document.
- Click Create IdP.
What to do next
After you create the IdP, create a RAM role that trusts it. This role defines the permissions federated users receive at logon. For more information, see Create a RAM role for a SAML provider.