Integration of Tencent Cloud Console with Zhuyun IDaaS (User-Based)

Single Sign-On SSO

# Description

This document describes how to implement IDaaS login to the Tencent Cloud Console (based on Tencent Cloud Console users).

Reference document: Accessing Tencent Cloud Management Console Using SAML 2.0 Federated Identity Users

# Prerequisites

  • The administrator has a Tencent Cloud account.

  • The administrator has access to the IDaaS Enterprise Center.

# Authentication Configuration

# Tencent Cloud System Configuration

After User SSO is enabled, sub-account logins are redirected to the identity provider's login page. Only the primary account can still log in with an account name and password; sub-accounts cannot.

  1. Log in to the Tencent Cloud Console as an administrator and navigate to Access Management, then 【Identity Provider】 -> 【User SSO】.

  2. Edit the SSO login settings, select SAML as the SSO protocol, and import the IDaaS metadata XML file. To download the IDaaS IdP metadata, visit https://{your_domain}/api/v1/saml2/idp/metadata.

  3. Copy the SAML Service Provider metadata URL, open the link, copy the webpage content, and save it as an sp.xml file.

# IDaaS Configuration

  1. Log in to the IDaaS Enterprise Center, navigate to 【Resources】 -> 【Applications】 -> 【Pre-integrated Applications】 -> Search for Tencent Cloud.

  2. Import the sp.xml file saved in the previous step.

  3. Enter the application details, navigate to 【Authentication Integration】 -> 【Mapping Configuration】, and add a mapping.

  4. Go to 【Authorization Management】 -> 【Application Accounts】 -> 【Add Account】. The account name must match the sub-user name in Tencent Cloud.

# Login Verification

There are two ways to log in:

  • Authorized users log in to the IDaaS User Center and click the logo to perform single sign-on to the Tencent Cloud system.

  • Access Tencent Cloud and log in as a sub-user. After entering the primary account ID, click "User SSO Login", which redirects to the IDaaS login interface. Enter your login credentials to access Tencent Cloud.