Configuring Federated Identity Authentication

Federated identity authentication allows enterprise users to access the cloud system after being authenticated by the enterprise IdP.

The enterprise IdP server and the cloud system must both use Coordinated Universal Time (UTC), and their clocks must agree. Any time inconsistency will cause federated identity authentication to fail.
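The time requirement above shows up when the receiving side compares an assertion's validity window with its own clock. The following is an added example, not code from this guide or from the cloud system: it assumes the federation uses SAML 2.0 assertions carrying `NotBefore`/`NotOnOrAfter` conditions (this page does not name the protocol), and the sample assertion, function names and `allowed_skew` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a five-minute validity window stamped by the IdP's clock.
# A real assertion is untrusted input; its signature is verified before this check.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
  <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z"/>
</saml:Assertion>"""


def parse_utc(value):
    """Parse a SAML timestamp; reject values that are not expressed in UTC ('Z')."""
    if not value.endswith("Z"):
        raise ValueError(f"timestamp is not expressed in UTC: {value!r}")
    value = value[:-1]
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_validity_window(assertion_xml, receiver_now, allowed_skew=timedelta(0)):
    """Return (accepted, reason) as the receiver sees it with its own clock."""
    if receiver_now.tzinfo is None:
        raise ValueError("receiver clock must be timezone-aware")
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)
    if cond is None:
        return False, "no Conditions element"
    not_before = parse_utc(cond.attrib["NotBefore"])
    not_on_or_after = parse_utc(cond.attrib["NotOnOrAfter"])
    now = receiver_now.astimezone(timezone.utc)
    if now + allowed_skew < not_before:
        return False, f"not yet valid: receiver clock is {not_before - now} behind"
    if now - allowed_skew >= not_on_or_after:
        return False, f"expired: receiver clock is {now - not_on_or_after} past the window"
    return True, "within validity window"


if __name__ == "__main__":
    issued = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
    # Offsets model the receiver's clock relative to the IdP's clock (constructed).
    for label, drift in [("in sync", 30), ("IdP 2 min fast", -120), ("IdP 10 min slow", 600)]:
        print(label, check_validity_window(SAMPLE_ASSERTION, issued + timedelta(seconds=drift)))
```

A small `allowed_skew` tolerates ordinary drift, but it does not rescue a server whose local wall-clock time is being reported as UTC, because that error is measured in hours.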

  1. Establish a trust relationship between the cloud system and the enterprise IdP. For details, see section Establishing a Trust Relationship.

    Figure 1 Metadata file exchange model

  2. On the IAM console, create an IdP. For details, see section Creating an IdP.
  3. On the IAM console, specify permissions for the enterprise IdP users to access the cloud system. For details, see section Using Rules to Control Federated User Access to the Cloud System.

    Figure 2 User conversion model

  4. Configure a login link for the cloud system in the enterprise management system to achieve SSO. For details, see section Configuring SSO.

    Figure 3 SSO configuration model

    After logging in to the enterprise management system, enterprise IdP users can click the login link to access the resources in the cloud system.

  5. Configure the client or development tool to call APIs to access the cloud system.