# Log in to Tencent Cloud console using SAML2
Tencent Cloud supports federated authentication based on SAML 2.0 (Security Assertion Markup Language 2.0), which lets it interoperate with enterprise accounts.
# Configure in Authing
If you haven't created an application yet, you need to [create an application](/quickstart/create-authing-account.md) in Authing.
Go to Control Panel > Apps > App List, find your application, and click "Configuration".
On the application details page, click the "Configure SAML2 Identity Provider" tab, turn on the "Enable SAML2 Provider" switch, and set the default ACS address to `https://cloud.tencent.com/login/saml`.
Fill in the settings as follows:
```json
{
  "audience": "cloud.tencent.com",
  "recipient": "https://cloud.tencent.com/login/saml",
  "destination": "https://cloud.tencent.com/login/saml",
  "mappings": null,
  "digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha512",
  "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
  "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
  "lifetimeInSeconds": 3600,
  "signResponse": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
  "samlRequestSigningCert": ""
}
```
Add the following attributes to the custom Attribute configuration, where `<AccountID>` is your Tencent Cloud account ID, `<RoleName>` is the name of the role you created in Tencent Cloud, and `<ProviderName>` is the name of the identity provider you created in Tencent Cloud.
```json
{
  "https://cloud.tencent.com/SAML/Attributes/Role": "qcs::cam::uin/<AccountID>:roleName/<RoleName>,qcs::cam::uin/<AccountID>:saml-provider/<ProviderName>",
  "https://cloud.tencent.com/SAML/Attributes/RoleSessionName": "Test"
}
```
Click "Save". Then download the metadata document of the SAML2 Identity Provider from `https://core.authing.cn/api/v2/saml-idp/<application ID>/metadata`.
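To confirm that an assertion issued with the settings above carries the expected audience, recipient and Role attribute, the following added example (not code from Authing or Tencent Cloud) checks a decoded assertion against the values on this page. The sample assertion, its account ID, role name and provider name are constructed placeholders, and `check_assertion` is a hypothetical helper.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://cloud.tencent.com/SAML/Attributes/Role"
ACS = "https://cloud.tencent.com/login/saml"
ROLE_RE = re.compile(
    r"^qcs::cam::uin/([^:/,\s]+):roleName/([^:/,\s]+),"
    r"qcs::cam::uin/([^:/,\s]+):saml-provider/([^:/,\s]+)$")

# Constructed sample assertion; account ID, role and provider names are placeholders.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="https://cloud.tencent.com/login/saml"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>cloud.tencent.com</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="https://cloud.tencent.com/SAML/Attributes/Role">
   <saml:AttributeValue>qcs::cam::uin/100000000001:roleName/ExampleRole,qcs::cam::uin/100000000001:saml-provider/ExampleProvider</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

# Configuration check only: this does not verify the XML signature.
def check_assertion(xml_text, role_name, provider_name):
    """Return a list of mismatches between the assertion and the page's settings."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audiences != ["cloud.tencent.com"]:
        problems.append(f"audience is {audiences}, expected cloud.tencent.com")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if recipients != [ACS]:
        problems.append(f"recipient is {recipients}, expected {ACS}")
    values = [v.text.strip()
              for a in root.iterfind(".//saml:Attribute", NS) if a.get("Name") == ROLE_ATTR
              for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    if not values:
        problems.append("Role attribute missing")
    for value in values:
        m = ROLE_RE.match(value)
        if not m:
            problems.append(f"malformed Role value: {value!r}")
        elif m.group(1) != m.group(3):
            problems.append("role and provider use different account IDs")
        elif (m.group(2), m.group(4)) != (role_name, provider_name):
            problems.append(f"Role names {m.group(2)}/{m.group(4)} do not match Tencent Cloud")
    return problems
```

Pass the role name and provider name exactly as they are entered in the Tencent Cloud console; an empty list means the assertion is consistent with both sides of the configuration.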
# Configure in Tencent Cloud console
In Tencent Cloud, open the drop-down menu under your user nickname, go to the Access Management page, select Identity Provider in the left navigation bar, and click the blue "New Identity Provider" button.
Here you need to upload the IdP Metadata XML file you just downloaded. The provider name must be the `<ProviderName>` you filled in the Authing custom Attribute configuration.
Click Next after uploading.
Click "Finish" on the review page.
In Tencent Cloud, open the drop-down menu under your user nickname, go to the Access Management page, select Role in the left navigation bar, click the blue "New Role" button, and select Identity Provider in the pop-up window.
Select the Authing identity provider you just created.
![Select identity provider](https://cdn.authing.cn/blog/image%20%2871%29.png)
Click "Next".
On the role permission configuration page, select the permissions granted to this identity provider. Here, select the Administrator permission, which means full access.
Click "Next".
On the review page, enter the role name, which must match the `<RoleName>` previously filled in Authing.
Click "Finish" below.
# Use IdP to log in to Tencent Cloud
In Tencent Cloud, open the drop-down menu under your user nickname, go to the Access Management page, and select Identity Provider in the left navigation bar.
Click the identity provider you just created.
Copy the login link and open it in a new browser tab.
Click "OK to Jump".
The browser is redirected to the Authing IdP user login page. Select a login method, enter the information, and click "Login".
The browser then jumps to the Tencent Cloud console, and single sign-on is successful.