Skip to main content

Manage Workload Identity Federation for AI Object Storage

Set up and manage Workload Identity Federation to authenticate AI Object Storage Access Keys

Workload Identity Federation enables authorizing Access Keys using your IdP as the authorizing entity.

Prerequisites

This guide presumes the following:

  • You have administrator privileges for your organization
  • You have a mechanism for generating SAML assertions; most commonly, this is an Identity Provider (IdP)

Procedure

To create Workload Identity Federation configurations for your organization, first log in to your CoreWeave organization on the Cloud Console.

From the left-hand navigation pane, select the IAM drop-down menu. Inside this menu, select Workload Federation to navigate to the Workload Federation page.

From the Workload Federation page, you can view or edit your existing Workload Identity Federation configurations.

Create a configuration

To create a new configuration, click the Create Configuration button. This opens the configuration creation page.

To properly configure Workload Identity Federation, you must provide:

  • Name: A unique name for the configuration
  • Description: A brief description of the configuration
  • IdP Entity ID: The Entity ID of your IdP
  • X.509 Certificate: The X.509 certificate of your IdP

After providing the necessary information, click the Create Configuration button to create the configuration.

Created configurations are viewable on the Workload Federation page. After the configuration is created, a Config ID is generated. This ID is used to associate the new configuration to your AI Object Storage Access Keys by passing it in to the API call as the value of configId.

Example

data.json
{
"durationSeconds": 300,
"orgId": "abc123",
"configId": "<WORKLOAD_FEDERATION_CONFIG_ID>",
"samlResponse": "<BASE64_ENCODED_SAML_RESPONSE>"
}
Learn more

For more information on how to use Workload Identity Federation with AI Object Storage, refer to the API Reference.