Alibaba Cloud Service (Role-based SSO) - Azure SAML SSO

Alexander Voo 26 Reputation points
2020-10-25T02:22:14.613+00:00

Hi,

We have more than one Alibaba Cloud account. We followed the steps in this link (https://www.alibabacloud.com/help/doc-detail/113735.htm) and configured the first Alibaba Cloud tenant, tenant1, successfully by using this entity ID in Azure AD: urn:alibaba:cloudcomputing:international

But when we try to use the same method again to add tenant2 with the same entity ID, it shows the error below:
"Please enter an identifier which is unique within your organization. Search in Enterprise applications and App registrations for tenant1, which currently uses this identifier."


So we changed the Entity ID to urn:alibaba:cloudcomputing:tenant2 but the SSO failed with this error message:

RequestId:112.84_1603538400248_8450
Can't find the intended audience in at least one AudienceRestriction

Is there a way to use a customized Entity ID? How can we make this work so that we can add more Alibaba Cloud SSO applications for different Alibaba Cloud accounts?

Thanks in advance!


Accepted answer
  1. 2020-10-26T17:17:53.277+00:00

    Hi @Alexander Voo. The Entity ID uniquely identifies the application; that's the reason why you cannot re-use an already registered value. Although I have not worked with Alibaba, you might try the following pattern for the Entity ID field and see if it works:

    urn:alibaba:cloudcomputing:international#1
    urn:alibaba:cloudcomputing:international#2
    etc

    --
    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.
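
An added example, not part of the original thread and not code from Microsoft or Alibaba Cloud: a small Python check that lists the Audience values in an assertion and applies the SAML 2.0 audience rule behind the error quoted in the question. It assumes the service provider compares its entity ID (urn:alibaba:cloudcomputing:international, the value that worked for tenant1) by exact string match and that the identity provider emits the configured Identifier as the Audience; the assertion XML is constructed sample data and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Entity ID the service provider accepted for tenant1 on this page.
SP_ENTITY_ID = "urn:alibaba:cloudcomputing:international"


def build_assertion(*restrictions):
    """Constructed sample: one <AudienceRestriction> per tuple of audiences."""
    blocks = "".join(
        "<saml:AudienceRestriction>"
        + "".join(f"<saml:Audience>{a}</saml:Audience>" for a in r)
        + "</saml:AudienceRestriction>"
        for r in restrictions
    )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
        f"<saml:Conditions>{blocks}</saml:Conditions></saml:Assertion>"
    )


def audiences(assertion_xml):
    """Return a list of audience lists, one per AudienceRestriction."""
    # ElementTree is fine for this constructed input; parse real responses
    # with a hardened XML parser and only after signature verification.
    root = ET.fromstring(assertion_xml)
    path = ".//saml:Conditions/saml:AudienceRestriction"
    return [
        [(a.text or "").strip() for a in r.findall("saml:Audience", NS)]
        for r in root.iterfind(path, NS)
    ]


def audience_ok(assertion_xml, sp_entity_id=SP_ENTITY_ID):
    """SAML 2.0 rule: the SP must appear in every AudienceRestriction.

    Assumed exact string comparison; an assertion without any
    AudienceRestriction places no audience condition.
    """
    return all(sp_entity_id in group for group in audiences(assertion_xml))


if __name__ == "__main__":
    for configured in (SP_ENTITY_ID, "urn:alibaba:cloudcomputing:tenant2"):
        xml = build_assertion((configured,))
        print(configured, "->", "accepted" if audience_ok(xml) else "rejected")
```

To diagnose a real failure, decode the SAMLResponse from the failed sign-in and compare the Audience it carries with the entity ID the service provider expects.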

