You must enable CloudSSO before you can use it. After you enable CloudSSO, you can use CloudSSO free of charge.
Prerequisites
A resource directory is enabled, and the multi-account organizational structure is built.
For more information, see Resource Directory overview.
Only the management account of a resource directory or a RAM user that has administrative rights within the management account can be used to enable CloudSSO.
Management account
A management account is the account that is used to enable a resource directory and is the super administrator of the resource directory. The management account has full permissions on the resource directory and the members in the resource directory. You must use an Alibaba Cloud account that has passed enterprise real-name verification to enable a resource directory. Each resource directory has only one management account.
RAM users
You must attach the AliyunCloudSSOFullAccess system policy to the RAM users of the management account. For more information, see Grant permissions to RAM users.
Procedure
Log on to the CloudSSO console.
Read Terms of Service and select Read and Agree to Terms of Service.
Click Activate Now.
After you enable CloudSSO, CloudSSO automatically establishes a trusted relationship with your resource directory. Then, you can use CloudSSO to access the folders and members in your resource directory.
What to do next
After you enable CloudSSO, you must create the CloudSSO directory. For more information, see Create the CloudSSO directory.