In user-based single sign-on (SSO), Tencent Cloud acts as the service provider (SP) and the enterprise acts as the identity provider (IdP). User-based SSO allows an enterprise employee to access Tencent Cloud resources as a CAM sub-user.
Before implementing user-based SSO, you must establish trust between Tencent Cloud and your IdP by configuring Security Assertion Markup Language (SAML) on both sides.
Configure your IdP in Tencent Cloud.
Configure Tencent Cloud as a trusted SP in your IdP and configure the SAML assertion attributes.
Log in to the CAM console or call an API to create a CAM sub-user with the same name as that in the IdP.
After user-based SSO is configured, an enterprise employee (for example, "user1") in the IdP can log in to the Tencent Cloud console and access the resources he or she has permission to access with the steps below:
NameID element in the SAML assertion to the CAM sub-user.
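A pre-rollout check for the name mapping described above, as an added example that is not part of the original page or Tencent Cloud's own code: it reads the NameID from a captured SAML response and compares it with the CAM sub-user names. The sample response, the sub-user lists and the function names are constructed, exact-match comparison is an assumption, and the script does not verify the assertion's signature, so it is a configuration diagnostic only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a minimal, unsigned SAML response for the page's example user "user1".
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject><saml:NameID>user1</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def name_id_from_response(b64_response):
    """Return the Subject/NameID text of the top-level assertion in a base64 SAMLResponse."""
    root = ET.fromstring(base64.b64decode(b64_response))
    # Fixed path from the root: a NameID nested anywhere else in the document is ignored.
    node = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no Subject/NameID in the assertion")
    return node.text.strip()


def check_mapping(name_id, cam_sub_users):
    """Classify how a NameID lines up with the existing CAM sub-user names."""
    if name_id in cam_sub_users:
        return "match"
    # Assumption: names must be identical, so a case-only difference is reported separately.
    if name_id.lower() in {u.lower() for u in cam_sub_users}:
        return "case-mismatch"
    return "missing"


if __name__ == "__main__":
    nid = name_id_from_response(SAMPLE_B64)
    # Constructed sub-user lists standing in for an export from the CAM console or API.
    for users in (["user1", "user2"], ["User1"], ["user2"]):
        print(nid, users, "->", check_mapping(nid, users))
```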