List of operations by function - CloudSSO - Alibaba Cloud Documentation Center

This product(cloudsso/2021-05-15) OpenAPI adopts RPC Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (78410016550) and sign under the guidance of experts.

Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.

CloudSSO

API	Title	Description
EnableService	EnableService	Enables CloudSSO.
DisableService	DisableService	Disables CloudSSO.
GetServiceStatus	GetServiceStatus	Queries the status of CloudSSO.
CreateDirectory	CreateDirectory	Creates a directory.
ListDirectories	ListDirectories	Queries directories.
GetDirectory	GetDirectory	Queries information about a directory.
GetDirectoryStatistics	GetDirectoryStatistics	Queries the statistics of a directory.
UpdateDirectory	UpdateDirectory	Changes the name of a directory.
DeleteDirectory	DeleteDirectory	Deletes a directory.
EnableDelegateAccount	EnableDelegateAccount	Enables the delegated administrator account of CloudSSO.
DisableDelegateAccount	DisableDelegateAccount	Disables the delegated administrator account of CloudSSO.

Users

API	Title	Description
CreateUser	CreateUser	Creates a user.
ListUsers	ListUsers	Queries users.
GetUser	GetUser	Queries information about a user.
UpdateUser	UpdateUser	Modifies information about a user.
UpdateUserStatus	UpdateUserStatus	Changes the status of a user.
DeleteUser	DeleteUser	Deletes a user.
ResetUserPassword	ResetUserPassword	Resets the password of a user.
ListMFADevicesForUser	ListMFADevicesForUser	Queries the multi-factor authentication (MFA) devices that are bound to a user. Up to two MFA devices can be bound to a user.
DeleteMFADeviceForUser	DeleteMFADeviceForUser	Unbinds a multi-factor authentication (MFA) device from a user.
UpdateMFAAuthenticationSettings	UpdateMFAAuthenticationSettings	Modifies the multi-factor authentication (MFA) setting of all users.
GetMFAAuthenticationSettings	GetMFAAuthenticationSettings	Queries the multi-factor authentication (MFA) setting of all users.
UpdateUserMFAAuthenticationSettings	UpdateUserMFAAuthenticationSettings	Modifies the multi-factor authentication (MFA) setting of a single user.
GetUserMFAAuthenticationSettings	GetUserMFAAuthenticationSettings	Queries the multi-factor authentication (MFA) setting of a single user.
GetMFAAuthenticationSettingInfo	GetMFAAuthenticationSettingInfo	Queries the multi-factor authentication (MFA) setting of all users.
SetLoginPreference	SetLoginPreference	Configures the logon preference of CloudSSO users.
GetLoginPreference	GetLoginPreference	Queries the logon preference of CloudSSO users.
SetPasswordPolicy	SetPasswordPolicy	Configures a password policy for CloudSSO users.
GetPasswordPolicy	GetPasswordPolicy	Queries the password policy of CloudSSO users.
GetUserId	GetUserId	Queries the ID of a user in a resource directory by using the ExternalId parameter.

Groups

API	Title	Description
CreateGroup	CreateGroup	Creates a group.
ListGroups	ListGroups	Queries groups.
GetGroup	GetGroup	Queries information about a group.
UpdateGroup	UpdateGroup	Modifies information about a group.
DeleteGroup	DeleteGroup	Deletes a group.
AddUserToGroup	AddUserToGroup	Adds a user to a group.
RemoveUserFromGroup	RemoveUserFromGroup	Removes a user from a group.
ListJoinedGroupsForUser	ListJoinedGroupsForUser	Queries the groups to which a user is added.
ListGroupMembers	ListGroupMembers	Queries the users in a group.

SCIM synchronization

API	Title	Description
CreateSCIMServerCredential	CreateSCIMServerCredential	Creates a Cross-domain Identity Management (SCIM) credential.
ListSCIMServerCredentials	ListSCIMServerCredentials	Queries Cross-domain Identity Management (SCIM) credentials.
UpdateSCIMServerCredentialStatus	UpdateSCIMServerCredentialStatus	Enables or disables a Cross-domain Identity Management (SCIM) credential.
DeleteSCIMServerCredential	DeleteSCIMServerCredential	Deletes a Cross-domain Identity Management (SCIM) credential.
SetSCIMSynchronizationStatus	SetSCIMSynchronizationStatus	Enables or disables Cross-domain Identity Management (SCIM) synchronization.
GetSCIMSynchronizationStatus	GetSCIMSynchronizationStatus	Queries the status of System for Cross-domain Identity Management (SCIM) synchronization.

SSO logon

API	Title	Description
GetDirectorySAMLServiceProviderInfo	GetDirectorySAMLServiceProviderInfo	Queries information about a Security Assertion Markup Language (SAML) service provider (SP).
SetExternalSAMLIdentityProvider	SetExternalSAMLIdentityProvider	Configures a Security Assertion Markup Language (SAML) identity provider (IdP).
GetExternalSAMLIdentityProvider	GetExternalSAMLIdentityProvider	Queries the configurations of a Security Assertion Markup Language (SAML) identity provider (IdP).
ClearExternalSAMLIdentityProvider	ClearExternalSAMLIdentityProvider	Clears the configurations of a Security Assertion Markup Language (SAML) identity provider (IdP).
AddExternalSAMLIdPCertificate	AddExternalSAMLIdPCertificate	Adds a Security Assertion Markup Language (SAML) signing certificate.
ListExternalSAMLIdPCertificates	ListExternalSAMLIdPCertificates	Queries Security Assertion Markup Language (SAML) signing certificates.
RemoveExternalSAMLIdPCertificate	RemoveExternalSAMLIdPCertificate	Removes a Security Assertion Markup Language (SAML) signing certificate.

Access configurations

API	Title	Description
CreateAccessConfiguration	CreateAccessConfiguration	Creates an access configuration.
ListAccessConfigurations	ListAccessConfigurations	Queries access configurations.
GetAccessConfiguration	GetAccessConfiguration	Queries information about an access configuration.
UpdateAccessConfiguration	UpdateAccessConfiguration	Modifies information about an access configuration.
DeleteAccessConfiguration	DeleteAccessConfiguration	Deletes an access configuration.
AddPermissionPolicyToAccessConfiguration	AddPermissionPolicyToAccessConfiguration	Adds a policy to an access configuration.
RemovePermissionPolicyFromAccessConfiguration	RemovePermissionPolicyFromAccessConfiguration	Removes a policy from an access configuration.
UpdateInlinePolicyForAccessConfiguration	UpdateInlinePolicyForAccessConfiguration	Modifies an inline policy that is created for an access configuration.
ListPermissionPoliciesInAccessConfiguration	ListPermissionPoliciesInAccessConfiguration	Queries the policies that are created for an access configuration.

Multi-account authorization

API	Title	Description
ProvisionAccessConfiguration	ProvisionAccessConfiguration	Provisions an access configuration for an account in your resource directory.
DeprovisionAccessConfiguration	DeprovisionAccessConfiguration	De-provisions an access configuration from an account in your resource directory.
ListAccessConfigurationProvisionings	ListAccessConfigurationProvisionings	Queries the access configurations that are provisioned.
CreateAccessAssignment	CreateAccessAssignment	Assigns access permissions on an account in your resource directory to a user or a group by using an access configuration.
ListAccessAssignments	ListAccessAssignments	Queries the access permissions that are assigned.
DeleteAccessAssignment	DeleteAccessAssignment	Removes the access permissions on an account in a resource directory.
ListTasks	ListTasks	Queries asynchronous tasks.
GetTask	GetTask	Queries information about an asynchronous task.
GetTaskStatus	GetTaskStatus	Queries the status of an asynchronous task.

Manage RAM user synchronization

API	Title	Description
CreateUserProvisioning	CreateUserProvisioning	Creates a Resource Access Management (RAM) user provisioning.
GetUserProvisioning	GetUserProvisioning	Queries a Resource Access Management (RAM) user provisioning.
ListUserProvisionings	ListUserProvisionings	Queries Resource Access Management (RAM) user provisionings.
UpdateUserProvisioning	UpdateUserProvisioning	Modifies a Resource Access Management (RAM) user provisioning.
DeleteUserProvisioning	DeleteUserProvisioning	Deletes a Resource Access Management (RAM) user provisioning.
UpdateUserProvisioningConfiguration	UpdateUserProvisioningConfiguration	Modifies the global configurations of a Resource Access Management (RAM) user provisioning.
GetUserProvisioningConfiguration	GetUserProvisioningConfiguration	Queries the global configurations of a Resource Access Management (RAM) user provisioning.
ListUserProvisioningEvents	ListUserProvisioningEvents	Queries Resource Access Management (RAM) user provisioning events.
GetUserProvisioningEvent	GetUserProvisioningEvent	Queries the information about a Resource Access Management (RAM) user provisioning.
DeleteUserProvisioningEvent	DeleteUserProvisioningEvent	Deletes a Resource Access Management (RAM) user provisioning event.
RetryUserProvisioningEvent	RetryUserProvisioningEvent	Retries a Resource Access Management (RAM) user provisioning event.
GetUserProvisioningStatistics	GetUserProvisioningStatistics	Queries the statistics of a Resource Access Management (RAM) user provisioning.
GetUserProvisioningRdAccountStatistics	GetUserProvisioningRdAccountStatistics	Queries statistics of Resource Access Management (RAM) user provisioning events that are created for the member in a resource directory.

Others (not maintained)

API	Title	Description
SetMFAAuthenticationStatus	SetMFAAuthenticationStatus	Enables or disables multi-factor authentication (MFA) for users in a directory.
GetMFAAuthenticationStatus	GetMFAAuthenticationStatus	Checks whether multi-factor authentication (MFA) is enabled for users.