This article introduces Volcano Engine side configuration for role SSO based on SAML 2.0. You first need to create your enterprise identity provider (IDP) in Volcano Engine - Access Control to establish Volcano Engine's trust in the IDP.

SSO basic process #

SSO basic flow Please refer to: Roles SSO Overview .

Operation steps #

1. Please log in to Volcano Engine - Access Control - Identity Provider Management .

2. On the Identity Provider List page, click the **New Identity Provider **button.

   1. **Identity Provider Type **Select SAML;
   2. **SSO Type **Select Role SSO;
   3. Click on the service provider metadata URL of the role SSO and download the corresponding XML document, which needs to be uploaded to the IDP system in the next steps.
   4. Enter a valid **identity provider name **and a note. It is recommended that you choose a readable IDP logo or abbreviation as the identity provider name.
   5. Upload the metadata file at your IDP.

   tip

   The IDP document needs to be in XML format and contain information such as the IDP's login address, EntityID, and a valid X509 certificate for subsequent SAML SSO security verification.

3. Click Submit and the IDP is created.

Next steps #

You need to create the corresponding IAM role within Volcano Engine, and the trust identity type needs to be Identity Provider, and you need to select Identity Provider you just created. Refer to Role Management .

If the IAM role has been created, configure Volcano Engine as a trusted service provider (SP) for the enterprise IdP. Please refer to SAML 2.0 Role SSO Configuration for Enterprise IDPs .