Updated on 2024-02-21 GMT+08:00

Changing the Identity Source

IAM Identity Center provides identity federation based on Security Assertion Markup Language (SAML). This function allows users in your enterprise management system to access Huawei Cloud through single sign-on (SSO). You can use IAM identity providers (IdPs) to manage user identities outside of Huawei Cloud. For details about IAM IdPs, see Identity Providers.

IAM Identity Center works with SAML 2.0-based external identity provider systems, such as Microsoft Azure Active Directory (AD) or Okta. The implementation is as follows:
  • IAM Identity Center can connect to external identity provider systems via SAML 2.0.
  • IAM Identity Center automatically provisions users from SCIM-compliant identity providers. The administrator can manage users in external identity providers. User details can be automatically synchronized to IAM Identity Center without manual intervention.
  • IdP users can use their existing accounts and passwords to log in to the portal and then go to Huawei Cloud to access resources of the Huawei Cloud account. The IAM Identity Center administrator does not need to re-assign passwords.

You can choose IAM Identity Center or an external identity provider as your identity source. You can change your identity source in IAM Identity Center.

Changing to External Identity Provider

  1. Log in to the Huawei Cloud console.
  2. Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
  3. Choose Settings in the left navigation pane.
  4. On the Identity Source tab, click Change to external identity provider in the Identity Source row.

    Figure 1 Changing to an external identity provider

  5. In the Configure Identity Provider step on the displayed page, configure required information and click Next.

    • Service provider details

      Click Download Metadata File and save the downloaded file on your system. The IAM Identity Center SAML metadata file is required by your external identity provider.

    • Identity provider details
      • In the IdP SAML Metadata row, click Select File and upload the SAML metadata file downloaded from your external identity provider. This metadata file contains the certificate used to trust messages that are sent from the identity provider.
      • If you did not obtain the IdP SAML metadata file, enter the IdP login URL and IdP issuer URL, and upload the IdP certificate.
    Figure 2 Configuring an identity provider

  6. In the Confirm step, review and confirm the change. After you read the disclaimer and are ready to proceed, enter ACCEPT in the text box and click OK in the lower right corner of the page.

    Figure 3 Confirming the change of the identity source

    After the identity source is changed to an external identity provider, the system supports SAML 2.0-based identity federation as well as manual and automatic SCIM provisioning. For details, see Configuring an External Identity Provider.

Changing to IAM Identity Center

  1. Log in to the Huawei Cloud console.
  2. Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
  3. Choose Settings in the left navigation pane.
  4. On the Identity Source tab, click Change to IAM Identity Center in the Identity Source row.

    Figure 4 Changing to IAM Identity Center

  5. Review and confirm the change. After you read the disclaimer and are ready to proceed, enter ACCEPT in the text box and click OK in the lower right corner of the page.

    Figure 5 Confirming the change of the identity source