All Products
Document Center

Resource Access Management:Configure the SAML settings of Alibaba Cloud for role-based SSO

Last Updated:Feb 28, 2024

This topic describes how to configure metadata for role-based single sign-on (SSO) to make sure that your identity provider (IdP) is trusted by Alibaba Cloud (service provider).

Conventions for policy syntax

The metadata file of your IdP is obtained. The metadata file is in the XML format. The metadata file contains the logon URLs, the public key that is used to verify SAML assertions, and the assertion format.


  1. Log on to the Resource Access Management (RAM) console with an Alibaba Cloud account.

  2. In the left-side navigation pane, choose Integrations > SSO.

  3. On the Role-based SSO tab, click the SAML tab and click Add IdP.

  4. On the Create IdP page, configure IdP Name and Remarks.

  5. In the Metadata File section, click Upload File to upload the metadata file that is obtained from your IdP.

  6. Click OK.

What to do next

Create a RAM role for role-based SSO. For more information, see Create a RAM role for a SAML IdP.