This topic describes how to create a Security Assertion Markup Language (SAML) identity provider (IdP). Before you implement role-based single sign-on (SSO), you must create a SAML IdP.


Before you begin, make sure that you have obtained the metadata file of your IdP. The metadata file is in XML format and contains the logon URLs, the public key that is used to verify SAML assertions, and the assertion format.


  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Integrations > SSO.
  3. On the Role-based SSO tab, click the SAML tab and click Create IdP.
  4. On the Create IdP page, configure IdP Name and Remarks.
  5. In the Metadata File section, click Upload to upload the metadata file that is obtained from your IdP.
  6. Click OK.

What to do next

On the page that appears, click Create RAM Role to create RAM roles based on your business requirements. For more information, see Create a RAM role for a trusted IdP.