Enterprise IDP Configuration of Role SSO Based on SAML 2.0

This article describes the enterprise IDP-side configuration for role SSO based on SAML 2.0. You first need to create a Volcano Engine service provider (SP) in the enterprise IDP system to establish the IDP's trust in Volcano Engine.

SSO basic process

For the basic SSO flow, please refer to: Roles SSO Overview.

Operation steps

  1. If you have not downloaded the SP metadata for Volcano Engine, please obtain the metadata document first.
    1. Log in to Volcano Engine - Access Control - Identity Provider Management.
    2. Locate the created SAML identity provider and click the identity provider name. Under the metadata file on the identity provider page, find the **role SSO's service provider metadata URL**. The URL can be copied quickly.
    3. Download the service provider metadata for the role SSO.
  2. In the enterprise IDP, create a Volcano Engine service provider from the SP metadata you obtained, to establish the enterprise IDP's trust in Volcano Engine. Depending on the IDP, this is done in one of the following ways:
    1. Provide the URL of SP metadata directly;
    2. Upload the metadata file downloaded in step 1;
    3. Manually configure SP-related parameters in the enterprise IDP based on the content in the metadata file:
      1. Entity ID: The value of the entityID attribute of the EntityDescriptor element in the metadata file. Example: https://www.volcengine.com/
      2. ACS URL: The value of the **Location** attribute of the **AssertionConsumerService** element in the downloaded metadata XML. Example: https://signin.volcengine.com/saml/sso
      3. RelayState (optional): To jump automatically to a Volcano Engine product interface after SSO login, and if the enterprise IDP supports this setting, specify the Volcano Engine product console URL through the RelayState parameter. Please note that the URL must be under the Volcano Engine console.volcengine.com domain name.
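
The manual option in step 2, as an added example (not Volcano Engine's own code): it reads the Entity ID and ACS URL out of an SP metadata document and checks a RelayState value against the console.volcengine.com rule. The function names, the sample metadata (built from the example values above), the `/iam` path in the usage line and the https-only requirement are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
CONSOLE_HOST = "console.volcengine.com"  # domain named in the RelayState step

# Constructed sample metadata using the example values from the steps above;
# a real download also carries certificates and other elements.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://www.volcengine.com/">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://signin.volcengine.com/saml/sso"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_parameters(metadata_xml: str) -> dict:
    """Return the Entity ID and ACS URL to enter manually in the IDP."""
    # ElementTree is acceptable for a file you downloaded yourself from the
    # console; use a hardened parser for XML from untrusted sources.
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    acs = root.find("md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
    if acs is None or not root.get("entityID"):
        raise ValueError("metadata lacks entityID or AssertionConsumerService")
    acs_url = acs.get("Location", "")
    if urlsplit(acs_url).scheme != "https":  # assumption: https only
        raise ValueError("ACS URL is not https: %r" % acs_url)
    return {"entity_id": root.get("entityID"), "acs_url": acs_url}


def relay_state_ok(url: str) -> bool:
    """True if url is https and its host is the console domain or below it."""
    parts = urlsplit(url)
    # Compare the parsed hostname, never a substring of the whole URL.
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and (
        host == CONSOLE_HOST or host.endswith("." + CONSOLE_HOST))


if __name__ == "__main__":
    print(sp_parameters(SAMPLE_METADATA))
    print(relay_state_ok("https://console.volcengine.com/iam"))
```

Comparing the parsed hostname rather than searching the URL string is what rejects look-alike values such as a host that merely begins with console.volcengine.com.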

Next steps

You need to configure the return parameters of the SAML response in the enterprise IDP to provide basic information such as system mutual trust and identity mapping for subsequent SSO logins. Please refer to: SAML response for Role SSO.

Last updated: 2025.06.30 10:38:46