List of operations by function - Resource Access Management

This product(Ims/2019-08-15) OpenAPI adopts RPC Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (11370001915) and sign under the guidance of experts.

Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.

User management

API	Title	Description
RAM user	RAM user
CreateUser	CreateUser	Creates a RAM user.
GetUser	GetUser	Queries the information about a RAM user.
UpdateUser	UpdateUser	Modifies the information about a RAM user.
DeleteUser	DeleteUser	Deletes a RAM user.
ListUsers	ListUsers	Queries the details of all RAM users.
ListUserBasicInfos	ListUserBasicInfos	Queries the basic information about all RAM users.
GetAccountSummary	GetAccountSummary	Queries the overview information of an Alibaba Cloud account.
Logon	Logon
CreateLoginProfile	CreateLoginProfile	Enables logon to the console for a RAM user.
GetLoginProfile	GetLoginProfile	Queries the console logon settings of a RAM user.
UpdateLoginProfile	UpdateLoginProfile	Modifies the logon information of a RAM user.
DeleteLoginProfile	DeleteLoginProfile	Disables logon to the console for a RAM user.
ChangePassword	ChangePassword	Changes the password that is used to log on to the console for a Resource Access Management (RAM) user.
AccessKey	AccessKey
CreateAccessKey	CreateAccessKey	Creates an AccessKey pair for an Alibaba Cloud account or a RAM user.
DeleteAccessKey	DeleteAccessKey	Deletes an AccessKey pair from an Alibaba Cloud account or a RAM user.
UpdateAccessKey	UpdateAccessKey	Modifies the status of an AccessKey pair for an Alibaba Cloud account or a RAM user.
GetAccessKeyLastUsed	GetAccessKeyLastUsed	Queries the time when an AccessKey pair was used for the last time.
ListAccessKeys	ListAccessKeys	Queries the AccessKey pairs of an Alibaba Cloud account or a RAM user.
MFA	MFA
CreateVirtualMFADevice	CreateVirtualMFADevice	Creates a multi-factor authentication (MFA) device.
ListVirtualMFADevices	ListVirtualMFADevices	Queries multi-factor authentication (MFA) devices.
DeleteVirtualMFADevice	DeleteVirtualMFADevice	Deletes a multi-factor authentication (MFA) device.
DisableVirtualMFA	DisableVirtualMFA	Unbinds and deletes an MFA device from a RAM user.
BindMFADevice	BindMFADevice	Binds a multi-factor authentication (MFA) device to a RAM user.
UnbindMFADevice	UnbindMFADevice	Unbinds a multi-factor authentication (MFA) device from a RAM user.
GetAccountMFAInfo	GetAccountMFAInfo	Queries a multi-factor authentication (MFA) device of an Alibaba Cloud account.
GetUserMFAInfo	GetUserMFAInfo	Queries the information of the multi-factor authentication (MFA) device that is bound to a RAM user.
Tag	Tag
TagResources	TagResources	Adds tags to resources.
UntagResources	UntagResources	Removes tags from a resource.
ListTagResources	ListTagResources	Queries the tags that are added resources.

User group management

API	Title	Description
CreateGroup	CreateGroup	Creates a RAM user group.
GetGroup	GetGroup	Queries the information about a Resource Access Management (RAM) user group.
UpdateGroup	UpdateGroup	Modifies the information of a RAM user group.
DeleteGroup	DeleteGroup	Deletes a RAM user group.
ListGroups	ListGroups	Queries RAM user groups.
AddUserToGroup	AddUserToGroup	Adds a RAM user to a RAM user group.
RemoveUserFromGroup	RemoveUserFromGroup	Removes a RAM user from a RAM user group.
ListUsersForGroup	ListUsersForGroup	Queries Resource Access Management (RAM) users in a RAM user group.
ListGroupsForUser	ListGroupsForUser	Queries the RAM user groups to which a RAM user belongs.

SSO management

API	Title	Description
SetUserSsoSettings	SetUserSsoSettings	Configures information about identity providers (IdPs) for user-based single sign-on (SSO).
GetUserSsoSettings	GetUserSsoSettings	Queries information about identity providers (IdPs) for user-based single sign-on (SSO).
CreateSAMLProvider	CreateSAMLProvider	Creates an identity provider (IdP) for role-based SSO.
DeleteSAMLProvider	DeleteSAMLProvider	Deletes an identity provider (IdP) for role-based SSO.
UpdateSAMLProvider	UpdateSAMLProvider	Modifies information about an identity provider (IdP) for role-based SSO.
GetSAMLProvider	GetSAMLProvider	Queries the information about an identity provider (IdP) for role-based single sign-on (SSO).
ListSAMLProviders	ListSAMLProviders	Queries identity providers (IdPs) for role-based SSO.
CreateOIDCProvider	CreateOIDCProvider	Creates an OpenID Connect (OIDC) identity provider (IdP) to configure a trust relationship between Alibaba Cloud and an external IdP. This topic provides an example on how to create an IdP named TestOIDCProvider to configure a trust relationship between the external IdP Okta and Alibaba Cloud.
GetOIDCProvider	GetOIDCProvider	Queries the information about an OIDC IdP.
UpdateOIDCProvider	UpdateOIDCProvider	Modifies the description and client IDs of an OpenID Connect (OIDC) identity provider (IdP).
ListOIDCProviders	ListOIDCProviders	Queries OIDC IdPs.
DeleteOIDCProvider	DeleteOIDCProvider	Deletes an OpenID Connect (OIDC) identity provider (IdP).
AddClientIdToOIDCProvider	AddClientIdToOIDCProvider	Adds a client ID to an OpenID Connect (OIDC) identity provider (IdP).
RemoveClientIdFromOIDCProvider	RemoveClientIdFromOIDCProvider	Removes a client ID from an OpenID Connect (OIDC) identity provider (IdP).
AddFingerprintToOIDCProvider	AddFingerprintToOIDCProvider	Adds a fingerprint to an OpenID Connect (OIDC) identity provider (IdP).
RemoveFingerprintFromOIDCProvider	RemoveFingerprintFromOIDCProvider	Removes a fingerprint from an OpenID Connect (OIDC) identity provider (IdP).

OAuth management

API	Title	Description
CreateApplication	CreateApplication	Creates an application.
GetApplication	GetApplication	Queries the configuration information about an application.
UpdateApplication	UpdateApplication	Modifies the information about a specified application.
DeleteApplication	DeleteApplication	Deletes an application.
ListApplications	ListApplications	Lists the created applications.
ListPredefinedScopes	ListPredefinedScopes	Queries predefined application permissions.
CreateAppSecret	CreateAppSecret	Creates an application secret for the specified application.
GetAppSecret	GetAppSecret	Queries the details of an application secret.
ListAppSecretIds	ListAppSecretIds	Queries the secret IDs of an application.
DeleteAppSecret	DeleteAppSecret	Delete the application secret for the specified application.

Security settings

API	Title	Description
SetPasswordPolicy	SetPasswordPolicy	Configures the password policy for RAM users.
GetPasswordPolicy	GetPasswordPolicy	Queries the details of the password policy for RAM users.
SetSecurityPreference	SetSecurityPreference	Configures security preferences for a RAM user.
GetSecurityPreference	GetSecurityPreference	Queries the security preferences for RAM users.
SetDefaultDomain	SetDefaultDomain	Configures the default domain name.
GetDefaultDomain	GetDefaultDomain	Queries the default domain name of an Alibaba Cloud account.
GetCredentialReport	GetCredentialReport	Queries the user credential reports of an Alibaba Cloud account.
GetAccountSecurityPracticeReport	GetAccountSecurityPracticeReport	Queries the security report for an Alibaba Cloud account.
GenerateCredentialReport	GenerateCredentialReport	Generates a user credential report.