Product Introduction
- Overview
- Concepts
Purchase Guide
Operation Guide
- Console Overview
- Organization Settings
- Department Management
- Member Account Management
- Member Finance Management
- Member Access Management
- Resource Management
- Member Audit
- Identity Center Management
API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Organization Settings APIs
- Department and Member Management APIs
- ListOrganizationIdentity
- Unified Member Login APIs
- Organization Service Management APIs
- Organization Management Policy APIs
- Resource Sharing APIs
- Identity Center Management APIs
- Identity Center User Management APIs
- Identity Center User Group Management APIs
- Identity Center Management SCIM Synchronization APIs
- Identity Center Single Sign-On Management APIs
- Identity Center Permission Configuration Management APIs
- Identity Center Multi-Account Authorization Management APIs
- Identity Center Sub-User Synchronization Management APIs
- Data Types
- Error Codes
- TCO API 2018-12-25
Related Agreement
- Statement of Tencent Cloud Customers’ Tencent Cloud Organization
FAQs
Glossary

Manage SSO

Modo Foco

Tamanho da Fonte

Última atualização: 2025-07-09 17:16:02

Overview
The TCO Identity Center supports SAML 2.0-based single sign-on (SSO). Tencent Cloud is a service provider (SP), and the enterprise's own identity management system is an identity provider (IdP). Through SSO, enterprise employees can use users in the IdP to directly log in to the Identity Center.
Directions
Enabling SSO
After enabling SSO, you can configure identity provider information.
1. Log in to the TCO > Identity Center Management > Settings page, in the SSO Login area, turn on the SSO switch.
﻿
﻿
﻿
2. In the Enable SSO Login  dialog box, click OK.
﻿
Managing Service Provider (SP) Information
When configuring SSO in an external IdP, you will need the SP metadata file. You can download the SP metadata file by clicking Download SP Metadata Documentation in the Service Provider (SP) Information area of the TCO > Identity Center Management > Settings page. You can also view or copy ACS URL and Entity ID for manual configuration in an external IdP.
﻿
Managing Identity Provider (IdP) Information
You need to configure identity provider (IdP) information and enable the SSO switch to use the SSO feature normally.
Both manual configuration and metadata file upload are supported to configure identity provider information.
Manual configuration can only be used to configure essential attributes for SSO: Entity ID, Login Address, and SAML Signing certificate.
If you need to configure more IdP information, generate a metadata file on the IdP side and use the metadata upload method for configuration.
Configuring Identity Provider (IdP) Information
You need to configure identity provider information before enabling SSO.
1. You have logged in to TCO > Identity Center Management > Settings page.
2. In the SSO Login's Identity Provider (IdP) Information area, click Configure Identity Provider Information.
﻿
3. In the Configure Identity Provider Information dialog box, select Upload Metadata Documentation or Configure Manually to configure identity provider information.
You can choose either of the following two methods for configuration. Obtain the relevant metadata file or configuration information from your identity provider.
Upload Metadata Documentation
Click Select File to upload the identity provider's metadata documentation.
          
﻿
﻿
Configure Manually
           
﻿
﻿
Entity ID: Identity provider identifier.
Login Address: Identity provider login address.
Certificate: a certificate used by the identity provider for SAML response signature. You can click Select File to upload the identity provider's certificate.
4. Click OK.
Updating Identity Provider (IdP) Information
You can update identity provider information whether SSO is enabled or disabled. However, for an update when SSO is enabled, inconsistencies between new and existing identity provider information may cause SSO failure. Proceed with caution.
1. In the SSO Login's Identity Provider (IdP) Information area, click Configure Identity Provider Information.
﻿
2. In the Configure Identity Provider Information dialog box, select the configuration method, modify the configuration information, re-upload the certificate or metadata file, and click OK.