Resource Access Management: Configure SAML on Alibaba Cloud (as SP)

Last Updated: Mar 25, 2026

This topic describes how to create a SAML identity provider (IdP) in Resource Access Management (RAM). This process establishes a trust relationship between your external IdP and Alibaba Cloud, which is the first step in configuring role-based single sign-on (SSO).

Prerequisites

Before you begin, you must obtain the SAML 2.0 metadata document from your IdP. This XML file contains the IdP's configuration information, such as its entity ID, logon endpoints, and the public signing certificate required to verify SAML assertions.

Procedure

  1. Log on to the Resource Access Management (RAM) console as a RAM administrator.

  2. In the left-side navigation pane, choose Integrations > SSO.

  3. Click the Role-based SSO tab, and then click the SAML sub-tab.

  4. Click Create IdP.

  5. On the Create IdP page, configure the following parameters:

    IdP Name: Enter a descriptive name for your IdP. The name must be unique within your Alibaba Cloud account.

    Metadata File: Click Upload Metadata File and select the SAML metadata XML file that you obtained from your IdP.

  6. Review the information and click Create IdP.

What to do next

After you create the SAML IdP, you must create a RAM role that trusts it. This role defines the permissions that federated users will receive when they log on. For more information, see Create a RAM role for a SAML IdP.