When an enterprise's existing identity system acts as the Identity Provider (IdP), Tencent Cloud must be configured in it as a SAML Service Provider (SP) to establish trust from the enterprise IdP to Tencent Cloud. This enables enterprise IdP users to log in to Tencent Cloud using User Single Sign-On (SSO).
Instructions
1. Obtain the URL of SAML SP's metadata from Tencent Cloud.
1.2 In the left sidebar, click Identity Providers > User SSO.
1.3 On the User-Based SSO page, you can view or copy the SAML Service Provider metadata URL of the current user.
2. Create a SAML SP in your enterprise IdP and configure Tencent Cloud as a trusted SP. Choose one of the following configuration methods, depending on what your enterprise IdP supports:
If your enterprise IdP supports URL configuration: Copy the URL of Tencent Cloud SP's metadata obtained in step 1 directly into the enterprise IdP for configuration.
If your enterprise IdP supports file configuration: Open the URL of Tencent Cloud SP's metadata obtained in step 1 in a browser and save it as an XML file. Then upload this file to your enterprise IdP for configuration.
If your enterprise IdP supports neither of the above methods, manually configure the following parameters on the enterprise IdP:
| Category | Required or Not | Note |
| --- | --- | --- |
| Entity ID | Required or Not | In the downloaded metadata XML, the value of the entityID attribute of the EntityDescriptor element. |
| ACS URL | Required or Not | In the downloaded metadata XML, the value of the Location attribute of the AssertionConsumerService element. |
Note
To redirect to a different Tencent Cloud page, specify it using the format https://cloud.tencent.com/login/saml?s_url=xxxx, where xxxx is the address of the target page, which must be URL-encoded.
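For the manual configuration case, the two table values can be read from the saved metadata file and the s_url form built with correct encoding. This is an added example, not Tencent Cloud's own code: the function names and the sample metadata (with placeholder entityID and Location values) are constructed here, and the DTD rejection and https check are extra assumptions, not requirements stated on this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: entityID and Location are placeholders, not the
# values Tencent Cloud actually publishes. Use your saved XML file instead.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/login/saml"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def sp_settings(metadata_xml):
    """Return (entity_id, acs_url) to enter manually in the enterprise IdP."""
    # SAML metadata has no need for a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    entity_id = root.get("entityID")
    # First AssertionConsumerService under the SP descriptor.
    acs = root.find(f"{{{MD_NS}}}SPSSODescriptor/{{{MD_NS}}}AssertionConsumerService")
    if not entity_id or acs is None:
        raise ValueError("entityID or AssertionConsumerService missing")
    acs_url = acs.get("Location", "")
    # Assertions are posted to this URL, so insist on TLS (added check).
    if urlsplit(acs_url).scheme != "https":
        raise ValueError("ACS URL must use https")
    return entity_id, acs_url


def login_url_with_redirect(target):
    """Build the s_url form from the Note, percent-encoding the target."""
    # safe="" also encodes ':', '/', '?', '=' and '&', so a query string in
    # the target cannot leak into the outer URL's parameters.
    return "https://cloud.tencent.com/login/saml?s_url=" + quote(target, safe="")


if __name__ == "__main__":
    print(sp_settings(SAMPLE_METADATA))
    print(login_url_with_redirect("https://console.example.test/cvm?region=1&tab=a"))
```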