Scenario

Enterprises often deploy their own identity provider service to authenticate corporate users accessing internal applications. For such users, maintaining another set of user names and passwords for access to Alibaba Cloud can be a major inconvenience. For the IT security staff, managing multiple sets of credentials also makes administration more difficult.

Alibaba Cloud supports SAML-based single sign-on (SSO), which enables your employees to log on to the Alibaba Cloud console by using their corporate credentials. This solution helps establish mappings between Resource Access Management (RAM) users or roles and Windows Active Directory (AD) users. With this solution, you can enable centralized access control to help increase productivity and security, and provide a better user experience for your corporate users who need to access Alibaba Cloud management consoles.