Last updated: 2021-07-23 16:45:18
To implement SSO, configure SAML on Kingsoft Cloud, which serves as an SP, and in an enterprise IdP to build mutual trust between them.
Obtain the Kingsoft Cloud SP metadata file from http://fe.ksyun.com/fs/ksyun-sp-metadata.xml. This file is used to configure an SAML SP in the enterprise IdP.
Create an SAML SP in the enterprise IdP and configure Kingsoft Cloud as the trusted entity in any of the following ways:
(1) Enter the URL of Kingsoft Cloud's metadata file obtained in the previous step.
(2) If your IdP does not support URL configuration, download the metadata file from the URL and upload it to the IdP.
(3) If your IdP does not support metadata file uploading, manually set the following parameters:
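SAML SP metadata carries the entity ID and assertion consumer service (ACS) URL that an IdP typically asks for when it is configured by hand. The Python below is an added example, not Kingsoft Cloud's code: it reads those values from a downloaded metadata file and flags an ACS endpoint that is not HTTPS. The sample XML is constructed, and its entityID and ACS URL are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample; entityID and Location are placeholders, not Kingsoft Cloud's values.
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_bytes):
    """Return the SP values an IdP administrator enters by hand, plus warnings."""
    # Metadata never needs a DTD; refuse one rather than let the parser expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    warnings = []
    for _, location in acs:
        # Assertions are posted to this URL, so it must be TLS-protected.
        if not (location or "").lower().startswith("https://"):
            warnings.append("ACS endpoint is not HTTPS: %s" % location)
    if sp.get("WantAssertionsSigned", "false").lower() not in ("true", "1"):
        warnings.append("SP does not declare WantAssertionsSigned")
    return {
        "entity_id": root.get("entityID"),
        "acs": acs,
        "name_id_formats": [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text],
        "warnings": warnings,
    }


if __name__ == "__main__":
    for key, value in read_sp_metadata(SAMPLE_METADATA).items():
        print(key, "=", value)
```

To check a real download, pass the file's bytes to `read_sp_metadata` and compare the result with what the IdP shows after import.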
Kingsoft Cloud requires the SAML assertion generated by the enterprise IdP to contain the information needed to confirm the identity of enterprise users. Therefore, configure SAML assertion attributes in the enterprise IdP so that an IAM role can be assumed to implement SSO with Kingsoft Cloud for enterprise users.
In the Create IdP dialog box, set IdP Name and Remarks, click Upload, and then select the metadata file to be uploaded.
After the role is created, choose Permissions > Grants or Policies in the left navigation pane to grant permissions or attach policies to the role.
The actual procedure for configuring the SAML SP and assertion varies depending on the specific IdP system. An example will be provided to describe how to configure SSO between Azure AD and Kingsoft Cloud, which helps you understand the end-to-end configuration procedures in an enterprise IdP and on Kingsoft Cloud.