This topic describes how to create a Resource Access Management (RAM) role for a trusted identity provider (IdP). This type of RAM role is used to implement single sign-on (SSO) between Alibaba Cloud and a trusted IdP.
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Roles page, click Create Role.
- In the Create Role panel, select IdP for Select Trusted Entity and click Next.
- Specify the RAM Role Name and Note parameters.
- Select a trusted IdP, read the conditions, and then click OK.
  Note: Only the saml:recipient condition key is supported. This condition key is required and cannot be changed.
- Click Close.
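
To check afterwards that a role's trust policy carries the saml:recipient condition described in the note, the audit below can be run over an exported policy document. It is an added example, not Alibaba Cloud code: the JSON layout (Statement, Principal.Federated, Condition.StringEquals) is an assumption about the trust policy format, the function names are hypothetical, and the sample ARN and URL are constructed placeholders.

```python
import json

# Constructed sample trust policies; the ARN and URL are placeholders, not real values.
IDP = "acs:ram::<account-id>:saml-provider/<idp-name>"
URL = "https://sso.example.invalid/saml"
GOOD = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Federated": [IDP]},
    "Condition": {"StringEquals": {"saml:recipient": URL}}}]})
BAD = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Federated": [IDP]}}]})


def as_list(value):
    """Policy fields may hold one item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy_json, expected_recipient):
    """Return findings for IdP-trusting statements lacking the expected condition."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if stmt.get("Effect") != "Allow" or not federated:
            continue  # only statements that let an IdP assume the role
        recipients = None
        for operator, keys in (stmt.get("Condition") or {}).items():
            for key, value in keys.items():
                if key.lower() != "saml:recipient":
                    continue
                recipients = as_list(value)
                if operator != "StringEquals":
                    findings.append(f"statement {i}: saml:recipient uses {operator}")
        if recipients is None:
            findings.append(f"statement {i}: no saml:recipient condition")
        elif set(recipients) != {expected_recipient}:
            findings.append(f"statement {i}: unexpected recipient {recipients}")
    return findings


if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(doc, URL) or "ok")
```
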
What to do next
After the RAM role is created, the RAM role has no permissions. You can grant permissions to the RAM role. For more information, see Grant permissions to a RAM role.