Resource Access Management: Manage a SAML IdP

Last Updated: Sep 17, 2025

Before you implement role-based single sign-on (SSO), you must create a Security Assertion Markup Language (SAML) identity provider (IdP). This topic describes how to create, view, modify, and delete a SAML IdP.

Create a SAML IdP

Before you create a SAML IdP, make sure that you have obtained the metadata file of the IdP. The metadata file is in XML format and contains the logon URLs, the public key that is used to verify SAML assertions, and the assertion format.

  1. Log on to the Resource Access Management (RAM) console as a RAM administrator.

  2. In the navigation pane on the left, choose Integrations > SSO.

  3. On the Role-based SSO tab, click the SAML tab and click Add IdP.

  4. On the Create IdP page, configure IdP Name and Remarks.

  5. In the Metadata File section, click Upload Metadata and upload the metadata file from your enterprise IdP.

  6. Click Create IdP.

View the basic information about a SAML IdP

  1. Log on to the RAM console as a RAM administrator.

  2. In the navigation pane on the left, choose Integrations > SSO.

  3. On the Role-based SSO tab, click the SAML tab and click the IdP whose basic information you want to view.

  4. In the Basic Information section, view the IdP Name, IdP Type, Creation Time, Update Time, ARN, Remarks, and Metadata File.

Modify the basic information about a SAML IdP

You can modify only the remarks and the metadata file.

  1. Log on to the RAM console as a RAM administrator.

  2. In the navigation pane on the left, choose Integrations > SSO.

  3. On the Role-based SSO tab, click the SAML tab and click the IdP whose basic information you want to modify.

  4. Modify the basic information about the SAML IdP:

    • To the right of Remarks, click Edit to modify the remarks.

    • To the right of Metadata File, click Replace Metadata to upload a new metadata file.

      Warning

      Upload a valid metadata file that you obtained from the IdP. Otherwise, single sign-on (SSO) fails.

Delete a SAML IdP

  1. Log on to the RAM console as a RAM administrator.

  2. In the navigation pane on the left, choose Integrations > SSO.

  3. On the Role-based SSO tab, click the SAML tab. Then, find the target IdP and click Delete IdP in the Actions column.

  4. In the Delete IdP dialog box, click Delete IdP.

    Warning

    After you delete a SAML IdP, role-based SSO cannot be implemented between your business system and RAM.