
Microsoft Entra Single Sign-On (SSO) Integration with Alibaba Cloud

This article explains how to integrate Microsoft Entra single sign-on (SSO) with Alibaba Cloud.

By Kidd Ip

This post walks through Microsoft Entra single sign-on (SSO) integration with Alibaba Cloud.

Most enterprises are looking for a secure, seamless approach to authentication and authorization. Alibaba Cloud offers Identity and Access Management (IAM) for managing identities, permissions and access control across various services and applications.

A large share of clients still run Windows, so Microsoft Entra (formerly called AAD) is still in demand for integration with other applications or services such as Alibaba Cloud.

Let’s first add Alibaba Cloud Service from the gallery to the list of managed SaaS apps under the Azure tenant:

1. Azure Portal:

  • Log in to the Azure portal.
  • In the upper-left corner, click the icon
  • Navigate to Identity ➡ Applications ➡ Enterprise applications ➡ New application.

2. Gallery Search:

  • In the Add from the gallery section, type Alibaba Cloud Service (Role-based SSO) in the search box.
  • Select Alibaba Cloud Service (Role-based SSO) from the results panel.

3. Adding the App:

  • Click the Add button.

We are now ready to set up single sign-on (SSO) between Azure and Alibaba Cloud:

1. Azure AD Configuration:

  • Log in to the Azure portal.
  • Navigate to Azure Active Directory.
  • Go to Enterprise applications and click New application.
  • Search for Alibaba Cloud Service (Role-based SSO) in the gallery.
  • Add the application and configure the basic SAML settings:

    • Set the Sign-on URL for Alibaba Cloud.
    • Define custom attribute mappings as required by Alibaba Cloud.
    • Download the federation metadata XML file from Microsoft Entra.


2. Alibaba Cloud Configuration:

  • Log in to the Alibaba Cloud RAM Console.
  • In the SSO Logon section, download the service provider (SP) metadata file.
  • If you’ve configured SCIM synchronization, use the existing application; otherwise, create a new one.
  • Ensure that usernames in Alibaba Cloud match those used for SSO in Microsoft Entra.

3. Upload Metadata and Configure Issuer URL:

  • In Alibaba Cloud, upload the SP metadata file obtained from Microsoft Entra.
  • Check the SAML issuer URL and save the configuration.

Now we are ready to enable SSO for users in the specified domains and test!


Disclaimer: The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.
