You must enable CloudSSO before you can use it. After you enable CloudSSO, you can use CloudSSO free of charge.

Prerequisites

  • A resource directory is enabled, and the multi-account organizational structure is built.

    For more information, see Resource Directory overview.

  • Only the management account that is used to enable a resource directory can be used to enable CloudSSO.
    • Management account

      A management account is the account that is used to enable a resource directory and is the super administrator of the resource directory. The management account has full permissions on the resource directory and the members in the resource directory. You must use an enterprise account to enable a resource directory. Each resource directory has only one management account. For more information, see Enterprise account.

    • RAM users

      You must attach the AliyunCloudSSOFullAccess system policy to the Resource Access Management (RAM) users of the management account. For more information, see Grant permissions to a RAM user.

Procedure

  1. Log on to the CloudSSO console.
  2. Click Activate Now.
    After you enable CloudSSO, CloudSSO automatically establishes a trusted relationship with your resource directory. Then, you can use CloudSSO to access the folders and members in your resource directory.

What to do next

After you enable CloudSSO, you must create the CloudSSO directory. For more information, see Create the CloudSSO directory.