Accelerate access from outside the Chinese mainland

CloudSSO-related data is stored in the region that you select when you create the CloudSSO directory. You can use the accelerated URL feature to ensure access stability for CloudSSO users outside the Chinese mainland in the following scenarios:

  • Your directory resides in a region in the Chinese mainland and your intended users access CloudSSO from outside the Chinese mainland.

  • Your identity provider (IdP) is deployed outside the Chinese mainland and System for Cross-domain Identity Management (SCIM) synchronization is enabled to transmit data from the IdP to the region in which the directory resides.

Currently, only the China (Shanghai) region is supported for the CloudSSO directory. The accelerated URL feature is provided free of charge.

Important
  • The accelerated URL feature is in invitational preview. Contact your account manager to apply for a trial.

  • After you enable the accelerated URL feature, CloudSSO-related data is first transmitted to the Alibaba Cloud acceleration endpoint that is closest to your intended users or IdP. Then, the data is transmitted to the China (Shanghai) region in which your directory resides. If you agree to enable the accelerated URL feature, you shall be solely responsible for ensuring that the cross-border transmission or disclosure of your business data complies with all applicable laws, including providing adequate data protection, providing adequate privacy statements, and obtaining necessary consent from the individuals concerned. In addition, you shall ensure that your business data does not contain any content that is restricted or prohibited from transmission or disclosure by applicable laws. For more information about data transmission paths, see Supported regions of the CloudSSO directory.

Enable the accelerated URL feature

  1. Log on to the CloudSSO console as the CloudSSO administrator.

  2. In the left-side navigation pane, click Settings.

  3. In the Global Management section, click Enable.

  4. In the Confirm to Enable Accelerated Endpoint dialog box, carefully read the consent agreement, acknowledge your legal responsibilities for cross-border data transfer, and then click OK.

Use the accelerated URL

A CloudSSO administrator can find the accelerated URL in the User Logon URL section on the Overview page.

Users outside the Chinese mainland who access the Alibaba Cloud Management Console by using CloudSSO can use the accelerated URL. Users in the Chinese mainland can access the Alibaba Cloud Management Console by using the logon URL.

Implement SSO by using the accelerated URL

If your directory resides in the China (Shanghai) region and your IdP resides outside the Chinese mainland, you can use the accelerated ACS URL to implement single sign-on (SSO) from the IdP to Alibaba Cloud. For more information, see Overview. You can use one of the following methods:

  • On the Settings page, in the SSO Logon section, click Download SP Metadata File. This downloads a new SP metadata file that contains the accelerated ACS URL. Use this file to update the SSO configuration of your IdP.

  • On the Settings page, in the SSO Logon section, copy the ACS URL (Accelerated Endpoint) and paste it into the SSO configuration of your IdP.
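Before you load the downloaded SP metadata file into the IdP, you can confirm that the ACS URL it contains is the ACS URL (Accelerated Endpoint) value shown in the console. The following check is an added example, not Alibaba Cloud code. It assumes that the file is standard SAML 2.0 SP metadata; the function names are hypothetical, and the host names and entityID in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ACS_TAG = f"{{{MD_NS}}}AssertionConsumerService"

# Constructed sample: entityID and host names are placeholders, not CloudSSO values.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/sp/placeholder">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://accel.example.invalid/saml/acs/placeholder"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def acs_endpoints(metadata):
    """Return [(binding, location), ...] for each ACS element in SP metadata."""
    data = metadata.encode("utf-8") if isinstance(metadata, str) else metadata
    if b"<!DOCTYPE" in data:
        # SP metadata has no need for a DTD; refuse entity-expansion tricks.
        raise ValueError("metadata contains a DOCTYPE declaration")
    root = ET.fromstring(data)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    return [(e.get("Binding"), e.get("Location")) for e in root.iter(ACS_TAG)]


def check_acs(metadata, console_acs_url):
    """Return a list of problems; empty means the file matches the console."""
    endpoints = acs_endpoints(metadata)
    problems = [] if endpoints else ["no AssertionConsumerService element found"]
    for _binding, location in endpoints:
        parts = urlsplit(location or "")
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"ACS URL is not an absolute https URL: {location}")
    if console_acs_url not in [loc for _b, loc in endpoints]:
        problems.append("ACS URL shown in the console is not in the metadata")
    return problems


if __name__ == "__main__":
    expected = "https://accel.example.invalid/saml/acs/placeholder"
    print(check_acs(SAMPLE_METADATA, expected) or "metadata matches console")
```

In practice, read the downloaded file in binary mode and pass its bytes together with the ACS URL copied from the SSO Logon section.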

Use the accelerated URL to implement SCIM synchronization

If your directory resides in the China (Shanghai) region and your IdP resides outside the Chinese mainland, you can use the accelerated SCIM endpoint.

On the Settings page, in the SCIM user synchronization configuration section, copy the SCIM Endpoint (Accelerated) and manually update it in your IdP's SCIM synchronization configuration.
