This topic describes how to configure metadata for role-based single sign-on (SSO) to make sure that your identity provider (IdP) is trusted by Alibaba Cloud (service provider).
Conventions for policy syntax
The metadata file of your IdP is obtained. The metadata file is in the XML format. The metadata file contains the logon URLs, the public key that is used to verify SAML assertions, and the assertion format.
Procedure
Log on to the Resource Access Management (RAM) console as a RAM administrator.
In the left-side navigation pane, choose .
On the Role-based SSO tab, click the SAML tab and click Create IdP.
On the Create IdP page, configure IdP Name and Description.
In the Metadata File section, click Upload Metadata File to upload the metadata file that is obtained from your IdP.
Click Create IdP.
What to do next
Create a RAM role for role-based SSO. For more information, see Create a RAM role for a SAML IdP.