Manage Workload Identity Federation for AI Object Storage
Set up and manage Workload Identity Federation to authenticate AI Object Storage Access Keys
Workload Identity Federation enables authorizing Access Keys using your IdP as the authorizing entity.
Prerequisites
This guide presumes the following:
- You have administrator privileges for your organization
- You have a mechanism for generating SAML assertions; most commonly, this is an Identity Provider (IdP)
Procedure
To create Workload Identity Federation configurations for your organization, first log in to your CoreWeave organization on the Cloud Console.
From the left-hand navigation pane, select the IAM drop-down menu. Inside this menu, select Workload Federation to navigate to the Workload Federation page.
From the Workload Federation page, you can view or edit your existing Workload Identity Federation configurations.
Create a configuration
To create a new configuration, click the Create Configuration button. This opens the configuration creation page.
To properly configure Workload Identity Federation, you must provide:
- Name: A unique name for the configuration
- Description: A brief description of the configuration
- IdP Entity ID: The Entity ID of your IdP
- X.509 Certificate: The X.509 certificate of your IdP
After providing the necessary information, click the Create Configuration button to create the configuration.
Created configurations are viewable on the Workload Federation page. After the configuration is created, a Config ID is generated. This ID is used to associate the new configuration to your AI Object Storage Access Keys by passing it in to the API call as the value of configId.
Example
{"durationSeconds": 300,"orgId": "abc123","configId": "<WORKLOAD_FEDERATION_CONFIG_ID>","samlResponse": "<BASE64_ENCODED_SAML_RESPONSE>"}
For more information on how to use Workload Identity Federation with AI Object Storage, refer to the API Reference.