This article introduces Volcano Engine side configuration for user SSO based on SAML 2.0. You first need to create your enterprise identity provider (IDP) in Volcano Engine - Access Control to establish Volcano Engine's trust in the IDP.

SSO basic process #

SSO basic process please refer to: User SSO Overview .

Operation steps #

1. Please log in to Volcano Engine - Access Control - Identity Provider Management .

2. On the Identity Provider List page, click the **New Identity Provider **button.

   1. **Identity Provider Type **Select SAML;
   2. **SSO Type **Select User SSO;
   3. Click on the service provider metadata URL of the user SSO and download the corresponding XML document, which needs to be uploaded to the IDP system in the next steps.
   4. In the **User SSO Login Settings **, the **On User SSO **switch is turned on. Once enabled, user SSO login can be performed using the current IDP.
      1. This feature is turned off by default. If it is not turned on, the current IDP settings will not take effect.
      2. Once enabled, user SSO login can be performed using the current IDP. After enabling user SSO, you can choose whether to disable other login methods. Turning off other login methods converges the user's authentication at your IDP, and enterprise users log in to Volcano Engine only through SSO, enhancing your account security baseline.

      tip

      This switch only affects IAM sub-users under the current account, not the main account. Also, this switch has nothing to do with the "Console Login" configuration item on the child user details page.

   5. Enter a valid **identity provider name **and a note. It is recommended that you choose a readable IDP logo or abbreviation as the identity provider name.
   6. Upload the metadata file at your IDP.

   tip

   The IDP document needs to be in XML format and contain information such as the IDP's login address, EntityID, and a valid X509 certificate for subsequent SAML SSO security verification.

3. Click Submit and the IDP is created.

Next steps #

You need to create a corresponding IAM user within Volcano Engine, see User Management .

If you have already created an IAM user, configure Volcano Engine as a trusted service provider (SP) for your enterprise IdP. Please refer to SAML 2.0 User SSO Configuration for Enterprise IDPs .