This topic describes how to use your Alibaba Cloud account to configure security policies for RAM users.
- Log on to the RAM console by using your Alibaba Cloud account.
- In the left-side navigation pane, choose .
- On the Security Settings tab, click Modify RAM User Security Settings.
- In the Modify RAM User Security Settings panel, configure the parameters.
- Remember MFA for Seven Days: specifies whether to allow RAM users to remember the multi-factor authentication (MFA) devices for seven days.
- Manage Passwords: specifies whether to allow RAM users to change their passwords.
- Manage AccessKey Pairs: specifies whether to allow RAM users to manage their AccessKey pairs.
- Manage MFA Devices: specifies whether to allow RAM users to enable and disable MFA devices.
- MFA for RAM User Logons: specifies whether MFA is required for all RAM users when the RAM users use usernames and passwords to log on to the Alibaba Cloud Management Console. If you set this parameter to Apply User-specific Configuration, user-specific settings are applied.
- Logon Session Validity Period: specifies the validity period of a logon session. The validity period is measured
Note If you assume a RAM role or use single sign-on (SSO) to log on to the Alibaba Cloud Management Console, the validity period of your session is no greater than the value of the Logon Session Validity Period parameter. For more information, see Assume a RAM role and SAML response for role-based SSO.
- Logon Address Mask: specifies the IP addresses from which you can log on to the Alibaba Cloud Management Console by using a password or SSO. By default, this parameter is left empty, which indicates that logon from all IP addresses is allowed. If you enter IP addresses in this field, console logons, including password-based and SSO-based logon, from these IP addresses are limited. However, API calls that are initiated from these IP addresses by using AccessKey pairs are not limited.
- Click OK. Note The settings take effect on all the RAM users of your Alibaba Cloud account.