tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Access Management
    Documentation
    Download PDF

    Overview of User-Based SSO

    Last updated: 2021-11-09 15:23:21
    Download PDF

      Overview

      Tencent Cloud is the service provider (SP) and the enterprise is the identity provider (IdP) when they collaborate to implement user-based single sign-on (SSO). The user-based SSO allows an enterprise employee to access Tencent Cloud resources as a CAM sub-user.

      Directions

      Configuration process

      Before implementing user-based SSO, you must establish trust between Tencent Cloud and your IdP by configuring Security Assertion Markup Language (SAML) on both sides.

      1. Configure your IdP to Tencent Cloud.

      2. Configure Tencent Cloud as a trusted SP in your IdP and configure the SAML assertion attributes.

      3. Log in to the CAM console or call an API to create a CAM sub-user with the same name as that in the IdP.

        • Purpose: to use sub-users for subsequent logins.
        • Steps: please see Creating Sub-user.

      Login and verification process

      After user-based SSO is configured, the enterprise employee (for example, "user1") in IdP can log in to Tencent Cloud console and access the resources he or she has permission to access with the steps below:

      1. "user1" initiates user-based SSO login on the sub-user login page.
      2. Tencent Cloud returns an SAML assertion authentication request to the browser.
      3. The browser forwards the SAML authentication request to the IdP.
      4. The IdP authenticates user1 and returns the generated SAML response to the browser after the authentication is passed.
      5. The browser forwards the SAML response to Tencent Cloud.
      6. Tencent Cloud verifies the authenticity and integrity of the SAML assertion based on the SAML mutual trust configuration and then maps the value of the NameID element in the SAML assertion to the CAM sub-user.
      7. After successful verification and mapping, Tencent Cloud returns the URL of Tencent Cloud console to the browser, and user1 can log in to the console successfully.
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      tencent
      Copyright © 2013-2022 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy