This topic describes some basic concepts of security settings in the RAM console.
An identity credential that is used to log on to the Alibaba Cloud console.
Default domain name
A unique identifier of an Alibaba Cloud account. Alibaba Cloud assigns a default domain
name for each Alibaba Cloud account. The format of the default domain name is
<AccountAlias>.onaliyun.com. This unique identifier can be used for RAM user logon and single sign-on (SSO) management.
For information about how to set a default domain name, see Manage the default domain name.
A custom domain name that can be used to replace the default domain name. The custom domain name must be publicly resolvable. A domain alias is the alias of the default domain name.
For information about how to set a domain alias, see Create a domain alias.
An identity credential that consists of an AccessKey ID and AccessKey secret. You can use your AccessKey pair or Alibaba Cloud SDK to sign API requests that you send to Alibaba Cloud. The AccessKey ID and AccessKey secret are used for symmetric encryption and identity verification. After the identity is verified, you can manage Alibaba Cloud resources by calling API operations.
The AccessKey ID is used to identify a user, and the AccessKey secret is used to encrypt and verify a signature string.
For information about how to create an AccessKey pair, see Create an AccessKey pair for a RAM user.
Multi-factor authentication (MFA)
A simple best practice that adds an extra layer of protection on top of your username and password. Multi-factor authentication provides enhanced security for your account. If you log on to the Alibaba Cloud console with MFA enabled, you must enter the following information:
- Username and password
- Verification code provided by the MFA device