OneLogin Single Sign-On
Last updated: 2024-01-23 17:47:38

Overview

OneLogin is a cloud identity and access management provider. Through OneLogin's identity verification system, you can log in to all of your organization's internal system platforms with one click. Tencent Cloud supports identity federation based on Security Assertion Markup Language 2.0 (SAML 2.0), an open standard used by many identity providers (IdPs) such as OneLogin. With an IdP, you can implement federated single sign-on (SSO): admins can authorize users who have authenticated with their federated identity to log in to the Tencent Cloud console or call TencentCloud APIs, eliminating the need to create a CAM sub-user for each employee in the organization.
This document describes how to configure OneLogin SSO to Tencent Cloud.

Directions

Creating a OneLogin enterprise application

Note:
This step creates a OneLogin enterprise application. If you are already using one, skip this step and go straight to CAM configuration.
This document uses the application name test as an example.
1. Log in to the OneLogin website and click Applications to enter the application management page.
2. On the application management page, click Add App in the top-right corner.
3. In the search box, enter SAML and press Enter. In the results list, click Pilot Catastrophe SAML (IdP) as shown below:


4. In the Display Name field, enter the application name. Click Save in the top-right corner to complete the application creation as shown below:



Configuring CAM

Note:
This step configures the trust relationship between OneLogin and Tencent Cloud.
In this example, the SAML IdP and role name are both test.
1. On the OneLogin application management page, select the created application test.
2. Click More Actions in the top-right corner and select SAML Metadata to download the IdP metadata file as shown below:


3. Create the Tencent Cloud CAM IdP and role. For detailed directions, see Creating an IdP and Creating Role.

Configuring OneLogin SSO

Note:
This step maps OneLogin application attributes to Tencent Cloud attributes to create the trust between the OneLogin application and Tencent Cloud.
1. On the OneLogin application management page, click the created test application to enter the application editing page.
2. Select the Configuration tab, enter the following content, and click Save as shown below:


You can configure it based on the site of your Tencent Cloud account:
| Site | SAML Consumer URL | SAML Audience | SAML Recipient |
| --- | --- | --- | --- |
| Tencent Cloud International | https://www.tencentcloud.com/login/saml | https://www.tencentcloud.com/login/saml | https://www.tencentcloud.com/login/saml |
3. Click Parameters, select Add Parameter, and add the following two items:
| Field name | Flags | Value | Source Attribute |
| --- | --- | --- | --- |
| https://cloud.tencent.com/SAML/Attributes/Role | Include in SAML assertion | Macro | qcs::cam::uin/{AccountID}:roleName/{RoleName1};qcs::cam::uin/{AccountID}:roleName/{RoleName2},qcs::cam::uin/{AccountID}:saml-provider/{ProviderName} |
| https://cloud.tencent.com/SAML/Attributes/RoleSessionName | Include in SAML assertion | Macro | Test |
Note:
Replace {AccountID}, {RoleName}, and {ProviderName} of the Role source attribute with the following content:
{AccountID}: Replace this with your Tencent Cloud account ID. You can view this in Account Information in the console.
{RoleName}: Replace this with the role name you created on Tencent Cloud. You can view this in Role in the console.
{ProviderName}: Replace this with the SAML IdP name that you created on Tencent Cloud. You can view this in IdPs in the console.
4. Click Save in the top-right corner to save the configuration.
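
The following added example (not part of Tencent Cloud's or OneLogin's documentation) checks a decoded SAML assertion against the Audience, Recipient, Role, and RoleSessionName values configured in the steps above. The function names, the sample assertion, and the account ID 100000000001 are constructed for illustration; the script compares configuration values only and does not verify the assertion's signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS = "https://www.tencentcloud.com/login/saml"  # Consumer URL, Audience and Recipient from the table
ATTR = "https://cloud.tencent.com/SAML/Attributes/"
ROLE_RE = re.compile(r"qcs::cam::uin/([^/:{}]+):roleName/([^/:;,{}]+)")
PROV_RE = re.compile(r"qcs::cam::uin/([^/:{}]+):saml-provider/([^/:;,{}]+)")

def check_role_value(value, account_id):
    """Return problems found in a Role value of the form role1;role2,provider."""
    problems = []
    if "{" in value or "}" in value:
        problems.append("unreplaced {placeholder} in Role value")
    roles, sep, provider = value.partition(",")
    if not sep:
        return problems + ["missing ',saml-provider' part"]
    parsed = [ROLE_RE.fullmatch(r) for r in roles.split(";")] + [PROV_RE.fullmatch(provider)]
    if not all(parsed):
        problems.append("malformed role or provider entry")
    elif any(m.group(1) != account_id for m in parsed):
        problems.append("entry points at a different account ID")
    return problems

def check_assertion(xml_text, account_id):
    """Compare a decoded assertion with the configured values (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    aud = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if aud != ACS:
        problems.append(f"Audience is {aud!r}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS:
        problems.append("Recipient does not match")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", default="", namespaces=NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    if not attrs.get(ATTR + "RoleSessionName"):
        problems.append("RoleSessionName missing or empty")
    role = attrs.get(ATTR + "Role")
    problems += check_role_value(role, account_id) if role else ["Role attribute missing"]
    return problems

# Constructed sample: placeholder account ID; role and IdP are both "test" as in this document.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS}"/></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{ACS}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="{ATTR}Role"><saml:AttributeValue>qcs::cam::uin/100000000001:roleName/test,qcs::cam::uin/100000000001:saml-provider/test</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="{ATTR}RoleSessionName"><saml:AttributeValue>Test</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>"""
```

An empty list from check_assertion(SAMPLE, "100000000001") means the assertion carries the values this document configures; each string in a non-empty list names one mismatch to fix in the OneLogin Configuration or Parameters tab.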

Configuring a OneLogin user

1. Log in to the OneLogin website and click Users to enter the user management page.
2. Click New User in the top-right corner to enter the user creation page.
3. Enter First Name, Last Name, Email, and Username and click Save User as shown below:


Note:
Check your email for the password of this account, or click More Actions and select Change Password to change the password.
4. Click Applications on the user editing page. Select [icon] on the right as shown below:


5. In the pop-up window, select the SAML test application that you created. Click Continue as shown below:


6. On the editing page, click Save as shown below:


7. Use the account created in step 3 to log in to OneLogin, and access the SAML test application created in the preceding sections. You will be redirected to the Tencent Cloud console.