All Products
Search
Document Center

CloudSSO:Log on to the CloudSSO user portal and access Alibaba Cloud resources

最終更新日:Mar 14, 2024

After you log on to the CloudSSO user portal, you can view the accounts that you can access in your resource directory and access the resources of the accounts as a Resource Access Management (RAM) role or RAM user.

Step 1: Obtain the URL of the CloudSSO user portal

  1. Log on to the CloudSSO console as a CloudSSO administrator.

  2. In the left-side navigation pane, click Overview.

  3. In the User Logon URL section on the right side of the Overview page, view or copy the logon URL.

    用户登录URL

    Note

    If you enable the accelerated URL feature, CloudSSO users can use the accelerated URL when they log on to the CloudSSO user portal. For more information, see Accelerate access from outside the Chinese mainland.

Step 2: Log on to the CloudSSO user portal

  1. Enter the URL that is obtained from Step 1 in your browser.

  2. Log on to the CloudSSO user portal based on a specified logon method.

    • Single sign-on (SSO)

      1. Click Redirect to go to the logon page of the enterprise identity provider (IdP).云SSO登录跳转

      2. Use the username and password of the enterprise IdP to log on to the CloudSSO user portal.

    • Username-password logon

      1. Enter the username and password of the CloudSSO user and click Log On.

        image.png

      2. Optional. If multi-factor authentication (MFA) is enabled, complete MFA verification.

        • If this is your first time to log on to the CloudSSO user portal, you must bind an MFA device. For more information, see Bind the first MFA device.

        • If an MFA device is bound, enter the verification code that is obtained from the mobile device and click Verify.

Note

The logon session for a CloudSSO user is valid for 8 hours. After a CloudSSO user logs on to the CloudSSO user portal, the logon session starts, which is valid for 8 hours. If the logon session expires, the CloudSSO user must log on again.

Step 3: Access the resources of an account in your resource directory

RAM role-based logon

If the resources of a cloud service can be accessed as a RAM role and a CloudSSO user is assigned the access permissions on an account in your resource directory by using an access configuration, the CloudSSO user can access the resources of the account as a RAM role. This method is suitable for most cloud services.

  1. On the Log on as RAM Role tab, click the required account in your resource directory and click Show Details in the Permissions column.

    You can select one of the accounts from the account list and access resources of the account based on your business requirements.

    RD账号列表

    Note

    If no data is available in the list, you have no access permissions on the accounts in your resource directory.

  2. In the access configuration list that appears, find the access configuration that you want to use to access resources and click Log On in the Actions column.

    You can select one of the access configurations from the list and access the resources of the account based on your business requirements.

    权限列表

    Note

    If no data is available in the list, you do not have permissions to access the resources of the account.

  3. Access the resources of the account as a RAM role.

    You can move the pointer over the profile picture in the upper-right corner of the console to view the current logon identity.查看当前身份

RAM user-based logon

If a cloud service cannot be accessed as a RAM role and you create a RAM user provisioning for an account in your resource directory by using CloudSSO, you can access the resources of the account as a RAM user.

  1. On the Log on as RAM User tab, find the required account in your resource directory and click Log On in the Actions column.

    You can select one of the accounts from the account list and access resources of the account based on your business requirements.

    RAM用户登录

    Note

    If no data is available in the list, you have no access permissions on the accounts in your resource directory.

  2. Access the resources of the account as a RAM user.

    You can move the pointer over the profile picture in the upper-right corner of the console to view the current logon identity.RAM用户身份