OneLogin is a cloud-based identity and access management solution provider. Through OneLogin’s identity verification system, users can log in to all of an enterprise’s internal system platforms with one click. Tencent Cloud supports identity federation with SAML 2.0 (Security Assertion Markup Language 2.0), an open standard used by many identity providers (IdPs) such as OneLogin. Federated single sign-on can be implemented through an identity provider: admins can authorize users whose federated identity has been authenticated to log in to the Tencent Cloud console or to call Tencent Cloud APIs, without creating a CAM sub-user for each employee of the enterprise or organization.
This tutorial describes how to configure OneLogin single sign-on for Tencent Cloud.
- This step creates a OneLogin enterprise application. If you’re already using one, please skip this step and go straight to CAM configuration.
- This document uses the application name test as an example.
- This step configures the trust relationship between OneLogin and Tencent Cloud.
- In this example, the SAML identity provider and role name are both test.
This step maps OneLogin application attributes to Tencent Cloud attributes to create trust between the OneLogin application and Tencent Cloud.
- If your Tencent Cloud account is on the Tencent Cloud China website, configure the following:
SAML Consumer URL: https://cloud.tencent.com/login/saml
SAML Audience: https://cloud.tencent.com
SAML Recipient: https://cloud.tencent.com/login/saml
- If your Tencent Cloud account is on the Tencent Cloud International website, configure the following:
SAML Consumer URL: https://intl.cloud.tencent.com/login/saml
SAML Audience: https://intl.cloud.tencent.com
SAML Recipient: https://intl.cloud.tencent.com/login/saml
Field name | Flags | Value | Source Attribute |
---|---|---|---|
https://cloud.tencent.com/SAML/Attributes/Role | Include in SAML assertion | Macro | qcs::cam::uin/{AccountID}:roleName/{RoleName1};qcs::cam::uin/{AccountID}:roleName/{RoleName2},qcs::cam::uin/{AccountID}:saml-provider/{ProviderName} |
https://cloud.tencent.com/SAML/Attributes/RoleSessionName | Include in SAML assertion | Macro | Test |
Replace {AccountID}, {RoleName}, and {ProviderName} of the Role source attribute with the following content:
- {AccountID}: Replace this with your Tencent Cloud account ID. You can view this at Account Information - Console.
- {RoleName}: Replace this with the role name you created on Tencent Cloud. You can view this at Role - Console.
- {ProviderName}: Replace this with the SAML identity provider name that you created on Tencent Cloud. You can view this at Identity Providers - Console.
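A pre-deployment check for the values above, as an added example that is not part of the original tutorial or of any Tencent Cloud or OneLogin tooling: it verifies that the three SAML endpoint fields all belong to the same site and that the Role source attribute follows the `role;role,provider` layout from the table with no placeholders left in. The function names and the sample account ID are assumptions made for illustration.

```python
import re

# Base URLs exactly as listed on this page for each Tencent Cloud site.
SITES = {"china": "https://cloud.tencent.com", "intl": "https://intl.cloud.tencent.com"}

# Entry shapes taken from the Role source attribute in the table above.
ENTRY_RE = re.compile(r"^qcs::cam::uin/([^/:;,{}\s]+):(roleName|saml-provider)/([^/:;,{}\s]+)$")


def check_endpoints(site, consumer_url, audience, recipient):
    """Return mismatches between the three SAML fields and the page's values."""
    base = SITES[site]
    pairs = [("SAML Consumer URL", consumer_url, base + "/login/saml"),
             ("SAML Audience", audience, base),
             ("SAML Recipient", recipient, base + "/login/saml")]
    return [f"{name}: expected {want}, got {got}" for name, got, want in pairs if got != want]


def check_role_attribute(value):
    """Parse 'role;role,provider' and return (roles, provider, problems)."""
    problems = []
    if "{" in value or "}" in value:
        problems.append("unreplaced {placeholder} left in value")
    roles_part, comma, provider_part = value.rpartition(",")
    if not comma:
        return [], None, problems + ["no ',' separating roles from the saml-provider entry"]
    roles, provider, accounts = [], None, set()
    m = ENTRY_RE.match(provider_part)
    if m and m.group(2) == "saml-provider":
        provider = m.group(3)
        accounts.add(m.group(1))
    else:
        problems.append(f"malformed saml-provider entry: {provider_part!r}")
    for entry in roles_part.split(";"):
        m = ENTRY_RE.match(entry)
        if m and m.group(2) == "roleName":
            roles.append(m.group(3))
            accounts.add(m.group(1))
        else:
            problems.append(f"malformed role entry: {entry!r}")
    if len(accounts) > 1:  # the page's template uses a single {AccountID} throughout
        problems.append(f"entries reference different account IDs: {sorted(accounts)}")
    return roles, provider, problems


if __name__ == "__main__":
    # Constructed sample: account ID 100000000001 is made up; "test" is the page's example name.
    sample = "qcs::cam::uin/100000000001:roleName/test,qcs::cam::uin/100000000001:saml-provider/test"
    print(check_role_attribute(sample))
```

An empty problem list from both functions means the values match what this page specifies; it does not confirm that the role or identity provider actually exists in CAM.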
Check your email for the password of this account, or click More Actions and select Change Password to change the password.