The following tables list API operations available for use in Identity Management Service (IMS).

User management

Operation Description
CreateUser Creates a RAM user.
GetUser Queries the details of a RAM user.
UpdateUser Modifies the information of a RAM user.
DeleteUser Deletes a RAM user.
ListUsers Queries the details of all RAM users.
ListUserBasicInfos Queries the basic information of all RAM users.
CreateLoginProfile Enables logon to the console for a RAM user.
GetLoginProfile Queries the logon information of a RAM user.
UpdateLoginProfile Modifies the logon information of a RAM user.
DeleteLoginProfile Disables logon to the console for a RAM user.
ChangePassword Changes the password that is used to log on to the console for a RAM user.
CreateAccessKey Creates an AccessKey pair for an Alibaba Cloud account or a RAM user.
UpdateAccessKey Modifies the status of an AccessKey pair for an Alibaba Cloud account or a RAM user.
DeleteAccessKey Deletes an AccessKey pair from an Alibaba Cloud account or a RAM user.
ListAccessKeys Queries AccessKey pairs of an Alibaba Cloud account or a RAM user.
GetAccessKeyLastUsed Queries the time when an AccessKey pair is used for the last time.
CreateVirtualMFADevice Creates an multi-factor authentication (MFA) device.
ListVirtualMFADevices Queries MFA devices.
DeleteVirtualMFADevice Deletes an MFA device.
DisableVirtualMFA Unbinds and deletes an MFA device from a RAM user.
BindMFADevice Binds an MFA device to a RAM user.
UnbindMFADevice Unbinds an MFA device from a RAM user.
GetAccountMFAInfo Queries the MFA status of an Alibaba Cloud account.
GetUserMFAInfo Queries the information of the MFA device that is bound to a RAM user.
GenerateCredentialReport Generates a user credential report.
GetCredentialReport Queries the content of a user credential report.
GetAccountSecurityPracticeReport Queries the security report of an Alibaba Cloud account.
GetAccountSummary Queries the overview information of an Alibaba Cloud account.

User group management

Operation Description
CreateGroup Creates a RAM user group.
GetGroup Queries the information of a RAM user group.
UpdateGroup Modifies the information of a RAM user group.
DeleteGroup Deletes a RAM user group.
ListGroups Queries RAM user groups.
AddUserToGroup Adds a RAM user to a RAM user group.
ListUsersForGroup Queries RAM users in a RAM user group.
ListGroupsForUser Queries the RAM user groups to which a RAM user belongs.
RemoveUserFromGroup Removes a RAM user from a RAM user group.

Single sign-on (SSO) management

API Description
SetUserSsoSettings Configures the information of identity providers (IdPs) for user-based SSO.
GetUserSsoSettings Queries the information of IdPs for user-based SSO.
CreateSAMLProvider Creates an IdP for role-based SSO.
GetSAMLProvider Queries the information of an IdP for role-based SSO.
UpdateSAMLProvider Modifies the information of an IdP for role-based SSO.
ListSAMLProviders Queries IdPs for role-based SSO.
DeleteSAMLProvider Deletes an IdP for role-based SSO.

Security settings

Operation Description
SetPasswordPolicy Configures the password policy for RAM users.
GetPasswordPolicy Queries the password policy for RAM users.
SetSecurityPreference Configures the security preferences for RAM users.
GetSecurityPreference Queries the security preferences of RAM users.
SetDefaultDomain Configures the default domain name.
GetDefaultDomain Queries the default domain name.