Overview
OneLogin is a cloud identity access management solution provider. You can log in to all the internal system platforms of your organization through OneLogin's identity verification system with one click. Tencent Cloud supports identity federation with Security Assertion Markup Language 2.0 (SAML 2.0). SAML 2.0 is an open standard used by many IdPs such as OneLogin.
Federated single sign-on (SSO) can be implemented by using an IdP. Admins can authorize users whose federated identity has been authenticated to log in to the Tencent Cloud console or call TencentCloud APIs, which eliminates the need to create a CAM sub-user for each employee in the organization.
This document describes how to configure OneLogin SSO to Tencent Cloud.
Directions
Creating a OneLogin enterprise application
Note:
This step creates a OneLogin enterprise application. If you are already using one, skip this step and go straight to CAM configuration. This document uses the application name test as an example.
1. Log in to the OneLogin website and click Applications to enter the application management page.
2. On the application management page, click Add App in the top-right corner.
3. In the search box, enter SAML and press Enter. In the results list, click Pilot Catastrophe SAML (IdP) as shown below:
4. In the Display Name field, enter the application name. Click Save in the top-right corner to complete the application creation as shown below:
Configuring CAM
Note:
This step configures the trust relationship between OneLogin and Tencent Cloud.
In this example, the SAML IdP and role name are both test.
2. Click More Actions in the top-right corner and select SAML Metadata to download the IdP metadata file as shown below:
Configuring OneLogin SSO
Note:
This step maps OneLogin application attributes to Tencent Cloud attributes to create the trust between the OneLogin application and Tencent Cloud.
2. Select the Configuration tab, enter the following content, and click Save as shown below:
You can configure it based on the site of your Tencent Cloud account:
|
Tencent Cloud International | https://www.tencentcloud.com/login/saml | https://www.tencentcloud.com/login/saml | https://www.tencentcloud.com/login/saml |
3. Click Parameters, select Add Parameter, and add the following two items:
|
https://cloud.tencent.com/SAML/Attributes/Role | Include in SAML assertion | Macro | qcs::cam::uin/{AccountID}:roleName/{RoleName1};qcs::cam::uin/{AccountID}:roleName/{RoleName2},qcs::cam::uin/{AccountID}:saml-provider/{ProviderName} |
https://cloud.tencent.com/SAML/Attributes/RoleSessionName | Include in SAML assertion | Macro | Test |
Note:
Replace {AccountID}, {RoleName}, and {ProviderName} of the Role source attribute with the following content:
{RoleName}: Replace this with the role name you created on Tencent Cloud. You can view this in Role in the console.
{ProviderName}: Replace this with the SAML IdP name that you created on Tencent Cloud. You can view this in IdPs in the console.
4. Click Save in the top-right corner to save the configuration.
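The following Python check is an added example, not part of the Tencent Cloud or OneLogin documentation. It builds the Role parameter value in the layout shown in the table above and rejects values that still contain placeholders, have malformed entries, or mix account IDs; the numeric account ID, the allowed name characters, and the function names are assumptions.

```python
import re

# Assumption: AccountID is numeric, and role/IdP names contain none of the
# structural characters (";", ",", "/", ":", braces, whitespace) of the value.
_NAME = r"[^\s;,/{}:]+"
_ROLE = re.compile(rf"qcs::cam::uin/(\d+):roleName/({_NAME})")
_PROVIDER = re.compile(rf"qcs::cam::uin/(\d+):saml-provider/({_NAME})")


def build_role_value(account_id, role_names, provider_name):
    """Assemble the Role parameter value: roles joined by ';', then ',' and the IdP."""
    roles = ";".join(f"qcs::cam::uin/{account_id}:roleName/{r}" for r in role_names)
    value = f"{roles},qcs::cam::uin/{account_id}:saml-provider/{provider_name}"
    check_role_value(value)  # never hand back a value that fails validation
    return value


def check_role_value(value):
    """Return (account_id, [role names], provider name) or raise ValueError."""
    if "{" in value or "}" in value:
        raise ValueError("unreplaced {placeholder} left in value")
    parts = value.split(",")
    if len(parts) != 2:
        raise ValueError("expected '<roles>,<saml-provider>'")
    role_part, provider_part = parts
    provider = _PROVIDER.fullmatch(provider_part)
    if provider is None:
        raise ValueError(f"malformed saml-provider entry: {provider_part!r}")
    account_ids, roles = {provider.group(1)}, []
    for entry in role_part.split(";"):
        role = _ROLE.fullmatch(entry)
        if role is None:
            raise ValueError(f"malformed role entry: {entry!r}")
        account_ids.add(role.group(1))
        roles.append(role.group(2))
    # The page's template uses one {AccountID} throughout, so mixed IDs are flagged.
    if len(account_ids) != 1:
        raise ValueError(f"entries reference different accounts: {sorted(account_ids)}")
    return provider.group(1), roles, provider.group(2)


if __name__ == "__main__":
    # Constructed sample account ID; role and IdP are both named "test" as on this page.
    print(build_role_value("100000000001", ["test"], "test"))
```

Running the check on the value before pasting it into the OneLogin parameter catches a template that was copied with its braces still in place.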
Configuring a OneLogin user
1. Log in to the OneLogin website and click Users to enter the user management page.
2. Click New User in the top-right corner to enter the user creation page.
3. Enter First Name, Last Name, Email, and Username and click Save User as shown below:
Note:
Check your email for the password of this account, or click More Actions and select Change Password to change the password.
4. Click Applications on the user editing page. Select on the right as shown below:
5. In the pop-up window, select the SAML test application that you created. Click Continue as shown below:
6. On the editing page, click Save as shown below:
7. Use the account created in step 3 to log in to OneLogin, and access the SAML test application created in the preceding sections. You will be redirected to the Tencent Cloud console.