To let a user in your enterprise identity system (your IdP) log in to Tencent Cloud (the SP) through user-based SSO, configure Tencent Cloud as a SAML SP in your IdP so that the IdP trusts Tencent Cloud.
1. Obtain the URL of the SAML SP metadata from Tencent Cloud.
   - Log in to the CAM console with a Tencent Cloud account.
   - On the left sidebar, click Identity Providers > User-Based SSO.
   - On the user-based SSO management page, view or copy the metadata URL provided by the current user's SAML SP.
2. Create a SAML SP in your IdP and configure Tencent Cloud as the trusted SP, using whichever of the methods below your IdP supports:
   - If your IdP supports URL-based configuration: copy the Tencent Cloud SAML SP metadata URL from step 1 into your IdP.
   - If your IdP supports configuration by file upload: open the Tencent Cloud SAML SP metadata URL from step 1 in a browser, save the metadata as an XML file, and upload the file to your IdP.
   - If your IdP supports neither method above: configure the parameters below in your IdP:
     - Entity ID: the value of the `entityID` attribute in the `EntityDescriptor` element of the downloaded metadata file.
     - ACS URL: the value of the `Location` attribute in the `AssertionConsumerService` element of the downloaded metadata file.
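
For the manual method, the two values can be read from the saved metadata file with a short script instead of by eye. The following is an added example, not code from Tencent Cloud: the function name `extract_sp_settings` is hypothetical, the sample metadata is constructed with placeholder URLs, and the rule for choosing between several `AssertionConsumerService` entries (default first, then lowest index) is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample metadata; every URL is a placeholder, not a Tencent Cloud value.
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.com/saml/sp-metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.com/saml/artifact"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def extract_sp_settings(metadata: bytes) -> dict:
    """Return the Entity ID and ACS URL to enter manually in the IdP."""
    # SP metadata has no need for a DTD; refusing one avoids entity-expansion input.
    if b"<!DOCTYPE" in metadata or b"<!ENTITY" in metadata:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(metadata)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("root element is not EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")
    acs = root.findall("md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
    if not acs:
        raise ValueError("no AssertionConsumerService element found")
    # Assumed selection rule: the endpoint marked isDefault first, then lowest index.
    acs.sort(key=lambda e: (e.get("isDefault") not in ("true", "1"),
                            int(e.get("index", "0"))))
    chosen = acs[0]
    location = chosen.get("Location", "")
    # The IdP posts the signed assertion to this URL, so plain HTTP is rejected.
    if urlparse(location).scheme != "https":
        raise ValueError("ACS Location is not an https URL: %r" % location)
    return {"entity_id": entity_id, "acs_url": location,
            "binding": chosen.get("Binding")}


if __name__ == "__main__":
    print(extract_sp_settings(SAMPLE_METADATA))
```

Compare the printed Entity ID and ACS URL character for character with what you enter in the IdP; a mismatch in either value typically causes the IdP or the SP to reject the SAML exchange.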