This product(
Eiam/2021-12-01) OpenAPI adopts RPC Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (78410016550) and sign under the guidance of experts. Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.
Region
| API | Title | Description |
|---|---|---|
| ListRegions | ListRegions | Queries a list of supported Alibaba Cloud regions. |
Instance
| API | Title | Description |
|---|---|---|
| CreateInstance | CreateInstance | Creates an instance based on which all capabilities of Identity as a Service (IDaaS) Enterprise Identity and Access Management (EIAM) are provided. |
| DeleteInstance | DeleteInstance | Deletes an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS) that you do not need. |
| UpdateInstanceDescription | UpdateInstanceDescription | Modifies the description of an Enterprise Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| ListInstances | ListInstances | Queries the information about one or more Enterprise Identity and Access Management (EIAM) instances of Identity as a Service (IDaaS). |
| GetInstance | GetInstance | Queries the information of an Enterprise Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
Application
| API | Title | Description |
|---|---|---|
| Basics | Basics | |
| CreateApplication | CreateApplication | Adds an application to an Enterprise Identity Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| DeleteApplication | DeleteApplication | Deletes an Employee Identity and Access Management (EIAM) application. |
| UpdateApplicationDescription | UpdateApplicationDescription | Modifies the description of an Employee Identity and Access Management (EIAM) application. |
| EnableApplication | EnableApplication | Enables a disabled Employee Identity and Access Management (EIAM) application. |
| DisableApplication | DisableApplication | Disables an enabled Employee Identity and Access Management (EIAM) application. All features of the EIAM application cannot be used if you disable the EIAM application. |
| GetApplication | GetApplication | Queries the details of an Employee Identity and Access Management (EIAM) application. |
| ListApplications | ListApplications | Queries the information about one or multiple Employee Identity and Access Management (EIAM) applications by page. |
| SSO | SSO | |
| SetApplicationSsoConfig | SetApplicationSsoConfig | Specifies the single sign-on (SSO) configuration attributes of an application in Identity as a Service (IDaaS) Employee IAM (EIAM). |
| GetApplicationSsoConfig | GetApplicationSsoConfig | Queries the single sign-on (SSO) configuration attributes of an application in Identity as a Service (IDaaS) Employee IAM (EIAM). |
| Authorization | Authorization | |
| AuthorizeApplicationToUsers | AuthorizeApplicationToUsers | Grants the access permissions on an application to multiple Employee Identity and Access Management (EIAM) accounts at a time. |
| AuthorizeApplicationToOrganizationalUnits | AuthorizeApplicationToOrganizationalUnits | Grants the access permissions on an application to multiple Employee Identity and Access Management (EIAM) organizations at a time. |
| AuthorizeApplicationToGroups | AuthorizeApplicationToGroups | Grants the permissions to access an application to multiple account groups at a time in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| RevokeApplicationFromUsers | RevokeApplicationFromUsers | Revokes the permissions to access an application from multiple Employee Identity and Access Management (EIAM) accounts at a time. |
| RevokeApplicationFromOrganizationalUnits | RevokeApplicationFromOrganizationalUnits | Revokes the permissions to access an application from multiple Employee Identity and Access Management (EIAM) organizations at a time. |
| RevokeApplicationFromGroups | RevokeApplicationFromGroups | Revokes the permissions to access an application from multiple account groups at a time in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| UpdateApplicationAuthorizationType | UpdateApplicationAuthorizationType | Modifies the authorization type of an Employee Identity and Access Management (EIAM) application. |
| ListUsersForApplication | ListUsersForApplication | Queries the accounts that are allowed to access an Employee Identity and Access Management (EIAM) application. The return results include the IDs of the accounts. If you need to obtain the details of the accounts, call the GetUser operation. |
| ListOrganizationalUnitsForApplication | ListOrganizationalUnitsForApplication | Queries the organizations that are allowed to access an Employee Identity and Access Management (EIAM) application by page. The return result includes the IDs of the organizations. If you want to obtain the details of the organizations, call the GetOrganizationalUnit operation. |
| ListGroupsForApplication | ListGroupsForApplication | Queries the account groups that are granted permissions to access an application and displays the results by page. The IDs of the account groups are returned. To query the detailed information about the account groups, call the GetGroup operation. |
| ListApplicationsForUser | ListApplicationsForUser | Queries the applications that an Employee Identity and Access Management (EIAM) account can access. The return result includes the IDs of the applications. If you want to obtain the details of the applications, call the GetApplication operation. |
| ListApplicationsForOrganizationalUnit | ListApplicationsForOrganizationalUnit | Queries the applications that an Employee Identity and Access Management (EIAM) organization can access. The return result includes the IDs of the applications. If you want to obtain the details of the applications, call the GetApplication operation. |
| Client Secret | Client Secret | |
| CreateApplicationClientSecret | CreateApplicationClientSecret | Creates a client key for an Employee Identity and Access Management (EIAM) application. An EIAM application can have up to two client keys. |
| DeleteApplicationClientSecret | DeleteApplicationClientSecret | Deletes a client key for an Employee Identity and Access Management (EIAM) application. |
| DisableApplicationClientSecret | DisableApplicationClientSecret | Disables a client key of an Employee Identity and Access Management (EIAM) application. |
| EnableApplicationClientSecret | EnableApplicationClientSecret | Enables the client key of an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| ListApplicationClientSecrets | ListApplicationClientSecrets | Queries all client keys of an Employee Identity and Access Management (EIAM) application. The returned key secret is not masked. If you want to query the key secret that is masked, call the ObtainApplicationClientSecret operation. |
| ObtainApplicationClientSecret | ObtainApplicationClientSecret | Queries a client key of an Employee Identity and Access Management (EIAM) application. The returned key secret is masked. If you want to query the key secret that is not masked, call the ListApplicationClientSecrets operation. |
| API | API | |
| EnableApplicationApiInvoke | EnableApplicationApiInvoke | Enables the Developer API feature for an Employee Identity and Access Management (EIAM) application. |
| DisableApplicationApiInvoke | DisableApplicationApiInvoke | Disables the Developer API feature for an Employee Identity and Access Management (EIAM) application. |
| SetApplicationGrantScope | SetApplicationGrantScope | Configures the permissions of the Developer API feature of an Employee Identity and Access Management (EIAM) application. |
| GetApplicationGrantScope | GetApplicationGrantScope | Queries the permissions of the Developer API feature for an Employee Identity and Access Management (EIAM) application. |
| Provisioning | Provisioning | |
| DisableApplicationProvisioning | DisableApplicationProvisioning | Disables the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| EnableApplicationProvisioning | EnableApplicationProvisioning | Enables the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| SetApplicationProvisioningConfig | SetApplicationProvisioningConfig | Configures the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| SetApplicationProvisioningScope | SetApplicationProvisioningScope | Sets the account synchronization scope of applications in Identity as a Service (IDaaS) Employee IAM (EIAM). This scope is the same as the scope within which developers can call the DeveloperAPI to query and manage accounts. |
| GetApplicationProvisioningConfig | GetApplicationProvisioningConfig | Queries the configuration of the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| GetApplicationProvisioningScope | GetApplicationProvisioningScope | Queries the account synchronization scope of applications in Identity as a Service (IDaaS) Employee IAM (EIAM). This scope is the same as the scope within which developers can call the DeveloperAPI to query and manage accounts. |
User
| API | Title | Description |
|---|---|---|
| CreateUser | CreateUser | Creates an account in an Identity as a Service (IDaaS) Enterprise Identity Access Management (EIAM) instance. |
| AddUserToOrganizationalUnits | AddUserToOrganizationalUnits | Adds an Employee Identity and Access Management (EIAM) account to multiple EIAM organizations of Identity as a Service (IDaaS). If the account already exists in the organizational unit, the system directly returns a success response. |
| DeleteUser | DeleteUser | Deletes an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). The information related to the account is cleared. |
| RemoveUserFromOrganizationalUnits | RemoveUserFromOrganizationalUnits | Removes an Employee Identity and Access Management (EIAM) account from multiple EIAM organizations of Identity as a Service (IDaaS). You cannot remove an account from a primary organization. |
| UpdateUser | UpdateUser | Updates the basic information about an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). |
| UpdateUserPassword | UpdateUserPassword | Updates the password information of an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). The password must meet the requirements of the password policies that are configured in the IDaaS console. |
| UpdateUserDescription | UpdateUserDescription | Modifies the description of an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account. |
| DisableUser | DisableUser | Disables an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account. If the account is disabled, a success message is returned. |
| EnableUser | EnableUser | Enables an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). |
| UnlockUser | UnlockUser | Unlocks an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS) that is locked. |
| SetUserPrimaryOrganizationalUnit | SetUserPrimaryOrganizationalUnit | Updates the primary organizational unit to which an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account belongs. This account will be removed from the previous primary organizational unit and added to the new primary organization. |
| GetUser | GetUser | Queries the details of an account in Identity as a Service (IDaaS) Employee IAM (EIAM). |
| ListUsers | ListUsers | Queries the details of accounts in Identity as a Service (IDaaS) Employee IAM (EIAM) by page. |
Organizational Unit
| API | Title | Description |
|---|---|---|
| CreateOrganizationalUnit | CreateOrganizationalUnit | Creates an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| DeleteOrganizationalUnit | DeleteOrganizationalUnit | Deletes an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). If the organization has EIAM accounts or child organizations, the delete operation fails. |
| DeleteOrganizationalUnitChildren | DeleteOrganizationalUnitChildren | Deletes information about an organization and forcefully deletes all accounts and sub-organizations in the organization. |
| UpdateOrganizationalUnit | UpdateOrganizationalUnit | Updates the basic information about an Employee Identity and Access Management (EIAM) organization. The basic information about the organization is not updated by default if no parameter is specified. |
| UpdateOrganizationalUnitDescription | UpdateOrganizationalUnitDescription | Modifies the description of an Employee Identity and Access Management (EIAM) organization. |
| UpdateOrganizationalUnitParentId | UpdateOrganizationalUnitParentId | Updates the parent organization ID of an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). In this case, the organization is moved from a parent node to a new node. |
| GetRootOrganizationalUnit | GetRootOrganizationalUnit | Queries the information about the root organizational unit in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| GetOrganizationalUnit | GetOrganizationalUnit | Queries the information about an organizational unit in Identity as a Service (IDaaS) Employee IAM (EIAM). |
| ListOrganizationalUnits | ListOrganizationalUnits | Queries the information about organizational units in Identity as a Service (IDaaS) Employee IAM (EIAM) by page. |
Group
| API | Title | Description |
|---|---|---|
| CreateGroup | CreateGroup | Creates an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| AddUsersToGroup | AddUsersToGroup | Adds Employee Identity and Access Management (EIAM) accounts to an EIAM group of Identity as a Service (IDaaS). |
| DeleteGroup | DeleteGroup | Deletes the information of an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| RemoveUsersFromGroup | RemoveUsersFromGroup | Removes Employee Identity and Access Management (EIAM) accounts from an EIAM group of Identity as a Service (IDaaS). |
| UpdateGroup | UpdateGroup | Updates the information about an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). If the information is empty, the information is not updated by default. |
| UpdateGroupDescription | UpdateGroupDescription | Updates the description of an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account group. |
| GetGroup | GetGroup | Queries the information of an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| ListGroups | ListGroups | Queries a list of account groups in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| ListUsersForGroup | ListUsersForGroup | Queries the information of accounts in an Employee Identity and Access Management (EIAM) group of Identity as a Service (IDaaS). |
| ListGroupsForUser | ListGroupsForUser | Queries a list of account groups to which an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS) belongs. |
Password Policy
| API | Title | Description |
|---|---|---|
| SetForgetPasswordConfiguration | SetForgetPasswordConfiguration | Configures a forgot password policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| SetPasswordInitializationConfiguration | SetPasswordInitializationConfiguration | Sets the password initialization configurations for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| SetPasswordHistoryConfiguration | SetPasswordHistoryConfiguration | Configures a password history policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| SetPasswordExpirationConfiguration | SetPasswordExpirationConfiguration | Configures a password expiration policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| SetPasswordComplexityConfiguration | SetPasswordComplexityConfiguration | Configures a password complexity policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| GetForgetPasswordConfiguration | GetForgetPasswordConfiguration | Queries the forgot password configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| GetPasswordInitializationConfiguration | GetPasswordInitializationConfiguration | Queries the password initialization configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| GetPasswordHistoryConfiguration | GetPasswordHistoryConfiguration | Queries the password history configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| GetPasswordExpirationConfiguration | GetPasswordExpirationConfiguration | Queries the password expiration configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| GetPasswordComplexityConfiguration | GetPasswordComplexityConfiguration | Queries the password complexity configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |