You need to enable JavaScript to run this app.
IAM

IAM

  • Documentation
    • IAMUser GuideIdentitiesSingle Sign-onScenarios for User SSO and Role SSO
Copy page
Download PDF
Single Sign-on
Scenarios for User SSO and Role SSO
Copy page
Download PDF
Scenarios for User SSO and Role SSO

Volcano Engine supports two single sign-on methods, user SSO and role SSO, among which:

  • User SSO: After completing the mutual trust configuration between IdP and SP, when the enterprise IdP user logs in, Volcano Engine establishes the correspondence between the IdP user and Volcano Engine IAM user through the SAML assertion sent by the IdP, and the enterprise IdP user can access the Volcano Engine resources through the corresponding IAM user. The scope of access permissions is within the scope of the IAM user permissions.

  • Role SSO: refers to the establishment of a trust identity for the role of the corresponding IdP and the completion of the mutual trust configuration between the IdP and the SP. When the enterprise IdP user logs in, the user accesses the Volcano Engine resources by playing the available IAM role specified in the SAML assertion sent by the IdP. The scope of access permissions is within the scope of the IAM role permissions.

Identity Provider TypeVolcano Engine IdentityThe number of IDPs of the same type under a single accountApplicable scenarioSupport Agreement

User SSO

IAM User

at most one

  • General scenarios, mapping between enterprise users and Volcano Engine users one by one, etc

  • When customers use SaaS products, it is recommended to implement single sign-on through user SSO

SAML,OAuth2.0

Role SSOIAM Roleat most 100- Customers are divided according to personnel roles, such as IT departments logging in according to IT_admin rolesSAML
Last updated: 2025.06.30 10:38:46