Identity Management Service (IMS) is integrated with ActionTrail. In the ActionTrail console, you can query the management events that are generated when you manage IMS resources. ActionTrail can deliver management events to Logstores in Log Service or Object Storage Service (OSS) buckets. This way, you can audit the events in real time and locate the causes of issues.
ActionTrail generates management events when you manage cloud resources by using APIs or the Alibaba Cloud Management Console. The following table describes the management events of IMS that you can query in the ActionTrail console. The descriptions of specific events will be provided later.
Event name | Description |
AddClientIdToOIDCProvider | Adds a client ID to an OpenID Connect (OIDC) identity provider (IdP). |
AddDomain | Adds a domain name. |
AddFingerprintToOIDCProvider | Adds a fingerprint to an OIDC IdP. |
AddUserToGroup | Adds a RAM user to a specified RAM user group. |
AddUserToUserGroup | Adds a RAM user to a specified RAM user group. |
BatchCreateUser | Creates multiple RAM users at a time. |
BindMFADevice | Binds a multi-factor authentication (MFA) device to a RAM user. |
ChangePassword | Changes the console logon password as a RAM user. |
CheckDirectoryEnabled | Checks whether a resource directory is enabled. |
CheckResource | Checks resources. |
CheckUserMFA | Checks the MFA information about a RAM user. |
CreateAccessKey | Creates an AccessKey pair for an Alibaba Cloud account or a RAM user. |
CreateApplication | Creates an application. |
CreateAppSecret | Creates an application secret for a specified application. |
CreateGroup | Creates a RAM user group. |
CreateLoginProfile | Enables console logon for a specified RAM user. |
CreateOIDCProvider | Creates an OIDC IdP. |
CreateSAMLProvider | Creates an IdP for role-based single sign-on (SSO). |
CreateUser | Creates a RAM user. |
CreateUserGroup | Creates a RAM user group. |
CreateVirtualMFADevice | Creates an MFA device. |
DeleteAccessKey | Deletes an AccessKey pair of a user. |
DeleteAccessKeyInRecycleBin | Deletes an AccessKey pair from the recycle bin. |
DeleteApplication | Deletes an application. |
DeleteAppSecret | Deletes the application secret of a specified application. |
DeleteGroup | Deletes a specified RAM user group. |
DeleteLoginProfile | Disables console logon for a specified RAM user. |
DeleteOIDCProvider | Deletes an OIDC IdP. |
DeleteSAMLProvider | Deletes a specified IdP for role-based SSO. |
DeleteUser | Deletes a RAM user. |
DeleteUserGroup | Deletes a RAM user group. |
DeleteUserInRecycleBin | Deletes a RAM user from the recycle bin. |
DeleteVirtualMFADevice | Deletes an MFA device. |
DisableVirtualMFA | Unbinds and deletes an MFA device from a specified RAM user. |
GenerateCredentialReport | Generates a user credential report. |
GetAccessKeyInfoInRecycleBin | Queries information about an AccessKey pair in the recycle bin. |
GetAccessKeyLastUsed | Queries the time when an AccessKey pair is last used. |
GetAccessKeyPolicy | Queries the policies that are attached to a specified AccessKey pair. |
GetAccessKeysLastUsed | Queries the time when an AccessKey pair was last used. |
GetAccountMFAInfo | Queries information about the MFA devices of an Alibaba Cloud account. |
GetAccountSecurityPracticeReport | Queries the security report of an Alibaba Cloud account. |
GetAccountSummary | Queries the overview information about an Alibaba Cloud account. |
GetApplication | Queries the configuration information about an application. |
GetAppSecret | Queries information about a specified application secret. |
GetCredentialReport | Queries the content of a user credential report. |
GetDefaultDomain | Queries the default domain name. |
GetDomainAlias | Queries the alias of a domain name. |
GetGroup | Queries information about a specified RAM user group. |
GetLoginProfile | Queries the console logon information about a specified RAM user. |
GetOIDCProvider | Queries an OIDC IdP. |
GetPasswordPolicy | Queries the password policy of a RAM user. |
GetSAMLProvider | Queries information about an IdP for role-based SSO. |
GetSecurityPreference | Queries the security preferences of a RAM user. |
GetUser | Queries information about a RAM user. |
GetUserInRecycleBin | Queries information about a RAM user in the recycle bin. |
GetUserMFAInfo | Queries information about an MFA device. |
GetUserSsoSettings | Queries information about an IdP for user-based SSO. |
ListAccessKeys | Queries the AccessKey pairs of an Alibaba Cloud account or a RAM user. |
ListAccessKeysInRecycleBin | Queries AccessKey pairs in the recycle bin. |
ListApplications | Queries applications. |
ListAppSecretIds | Queries the IDs of the application secrets of a specified application. |
ListDomains | Queries the domain name of a user and the number of times that the domain name is resolved. |
ListGroups | Queries RAM user groups. |
ListGroupsForUser | Queries the RAM user groups to which a RAM user is added. |
ListOIDCProviders | Queries OIDC IdPs. |
ListPredefinedScopes | Queries predefined application permissions. |
ListSAMLProviders | Queries IdPs for role-based SSO. |
ListUserBasicInfos | Queries the basic information about all RAM users. |
ListUserGroups | Queries RAM user groups. |
ListUsers | Queries the details about all RAM users. |
ListUsersForGroup | Queries the RAM users in a specified RAM user group. |
ListUsersInRecycleBin | Queries RAM users in the recycle bin. |
ListVirtualMFADevices | Queries MFA devices. |
RemoveClientIdFromOIDCProvider | Removes a client ID from an OIDC IdP. |
RemoveFingerprintFromOIDCProvider | Removes a fingerprint from an OIDC IdP. |
RemoveUserFromGroup | Removes a RAM user from a RAM user group. |
RestoreAccessKeyFromRecycleBin | Restores an AccessKey pair from the recycle bin. |
RestoreUserFromRecycleBin | Restores a RAM user from the recycle bin. |
SetDefaultDomain | Sets a domain name as the default domain name. |
SetPasswordPolicy | Configures a password policy for a RAM user. |
SetSecurityPreference | Configures security preferences for a RAM user. |
SetUserSsoSettings | Configures information about an IdP for user-based SSO. |
UnbindMFADevice | Unbinds an MFA device from a RAM user. |
UpdateAccessKey | Modifies the status of an AccessKey pair. |
UpdateApplication | Modifies the configuration information about an application. |
UpdateGroup | Modifies information about a specified RAM user group. |
UpdateLoginProfile | Modifies the logon information about a RAM user. |
UpdateOIDCProvider | Updates an OIDC IdP. |
UpdateSAMLProvider | Modifies information about an IdP for role-based SSO. |
UpdateUser | Modifies information about a RAM user. |
UpdateUserGroup | Updates the group information about a user. |
Verify | Verifies ID² data. |
GetCustomerMFA | None. |
GetDirectory | None. |
GetDomainVerificationRecords | None. |
GetOIDCIssuerCertFingerprint | None. |
GetSamlSsoProperties | None. |
GetSamlSsoSettings | None. |
ListDirectories | None. |
RemoveDomain | None. |