This document describes how to configure single sign-on (SSO) for Huawei Cloud in IDaaS. With SSO, users can use their enterprise accounts to sign in to Huawei Cloud. This process is known as federated identity authentication in Huawei Cloud.
Procedure
Step 1: Create an application
- Log in to the IDaaS management console.
- Select an IDaaS instance and click Console below the Operations area.
- Go to , search for Huawei Cloud SSO, and click Add Application.
- Confirm the application name and click Add.
Step 2: Configure single sign-on
- After adding the application, you are automatically redirected to its SSO configuration page.
- Enter the Logon URL, which you will obtain in Step 3.
  Select an application account name attribute. This attribute serves as the primary key that maps the IDaaS user to the corresponding IAM user in Huawei Cloud during SSO.
  For testing purposes, we recommend enabling Authorize to All Users so that you can skip the step of assigning the application to individual IDaaS accounts.
- In the Application Settings section, click Download IdP Metadata and save the file to your computer. This file is required to establish trust between Huawei Cloud and IDaaS.
Step 3: Configure user SSO
- Log in to the Huawei Cloud IAM console.
- In the left navigation pane, click Identity Provider.
- Click Create IdP.
- Enter a name and click OK.
- Click Modify identity provider, or click Modify in the list of identity providers.
- In the Metadata configuration section, select the IdP Metadata file that you downloaded from IDaaS in Step 2, and then click Upload File. Confirm the metadata configuration, which usually requires no modification.
- Copy the Logon URL and paste it into the Logon URL field on the Huawei Cloud SSO application details page, as instructed in Step 2. Click OK to create the identity provider.
Step 4: Verify SSO
You can sign in to Huawei Cloud SSO in two ways:
- Sign in to the IDaaS application portal with an authorized account for the Huawei Cloud SSO application. Click the Huawei Cloud SSO icon on the page. You are automatically signed in to Huawei Cloud as a federated user.
- In a private or incognito browser window, open the Huawei Cloud sign-in page. Click More Login Options and select Corporate Federation User.
  - Enter your original Huawei Cloud account or tenant name, select the identity provider, and click Go to Sign In.
  - If you are already signed in to the IDaaS portal, you are logged in to Huawei Cloud directly. Otherwise, you are redirected to the IDaaS sign-in page. After signing in, you are automatically logged in to Huawei Cloud as a federated user.
Step 5: Configure identity conversion rules
When users sign in to Huawei Cloud as federated users, their default username is "FederationUser". By default, these users can access Huawei Cloud but have no permissions. You can configure identity conversion rules in the Huawei Cloud IAM console to:
- Map your enterprise users to specific usernames in Huawei Cloud.
- Assign permissions to your enterprise users for accessing Huawei Cloud resources.
For more information, see the official Huawei Cloud documentation: Configure identity conversion rules.