To enable single sign-on (SSO) from your corporate identity provider (IdP) to Alibaba Cloud, you must create a Security Assertion Markup Language (SAML) IdP in Resource Access Management (RAM). This topic describes how to create, view, modify, and delete a SAML IdP.
Create a SAML IdP
Before you create a SAML IdP in RAM, you must obtain the SAML metadata document from your corporate IdP. This XML document contains the issuer details, endpoint URLs, and public key required to establish trust.
Log on to the Resource Access Management (RAM) console as a RAM administrator.
In the left-side navigation pane, choose .
On the Role-based SSO tab, click the SAML tab and click Create IdP.
On the Create IdP page, configure IdP Name and Description.
In the Metadata File section, click Upload Metadata File to upload the metadata file that is obtained from your IdP.
Click Create IdP.
View a SAML IdP's details
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Role-based SSO tab, click the SAML tab and click the IdP that you want to view.
In the Basic Information section, review the IdP's details, including IdP Name, IdP Type, Created At, Updated At, ARN, and Description.
Modify a SAML IdP
You can modify the description and metadata file for an existing SAML IdP.
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Role-based SSO tab, click the SAML tab and click the target IdP.
On the IdP details page, do one of the following:
To modify the description, click Edit next to Description.
To update the metadata, click Replace Metadata File and upload the new document.
Warning: Ensure that you upload a valid metadata document from your IdP. An incorrect file will cause SSO to fail.
Delete a SAML IdP
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Role-based SSO tab, click the SAML tab. Then, find the target IdP and click Delete IdP in the Actions column.
In the Delete IdP message, click Delete IdP.
Warning: After you delete a SAML IdP, users from that IdP can no longer log on to Alibaba Cloud. All RAM roles that trust this IdP will become unusable for SSO.