All Products
Search
Document Center

ActionTrail:Auditable events of CloudSSO

Last Updated:Jun 03, 2026

CloudSSO is integrated with ActionTrail. You can query CloudSSO management events in the ActionTrail console. ActionTrail delivers these events to Log Service Logstores or Object Storage Service (OSS) buckets for real-time auditing and troubleshooting.

ActionTrail records events generated when you manage cloud resources through API operations or the Alibaba Cloud Management Console. The following table lists CloudSSO events available in ActionTrail.

Event

Description

AddExternalSAMLIdPCertificate

Adds a Security Assertion Markup Language (SAML) signing certificate.

AddPermissionPolicyToAccessConfiguration

Adds a policy to an access configuration.

AddUserToGroup

Adds a user to a group.

ChangePassword

Modifies a user password.

CheckRDFeaturePrerequisite

Checks prerequisites for enabling the resource directory integration feature.

CheckServiceLinkedRoleForDeleting

Checks whether a service-linked role can be deleted.

ClearExternalSAMLIdentityProvider

Clears SAML identity provider (IdP) configurations.

CreateAccessAssignment

Grants a user or group access to a resource directory account through an access configuration.

CreateAccessConfiguration

Creates an access configuration.

CreateCloudCredential

Creates a temporary Alibaba Cloud access key.

CreateDirectory

Creates a directory.

CreateGroup

Creates a group.

CreateSCIMServerCredential

Creates a cross-domain identity management (SCIM) credential.

CreateUser

Creates a user.

DeleteAccessAssignment

Removes access permissions from a resource directory account.

DeleteAccessConfiguration

Deletes an access configuration.

DeleteDirectory

Deletes a directory.

DeleteGroup

Deletes a group.

DeleteMFADevice

Deletes a multi-factor authentication (MFA) device.

DeleteMFADeviceForUser

Unbinds an MFA device from a user.

DeleteSCIMServerCredential

Deletes a SCIM credential.

DeleteUser

Deletes a user.

DeprovisionAccessConfiguration

De-provisions an access configuration from a resource directory account.

DisableService

Deactivates CloudSSO.

EnableDirectoryRDFeature

Enables the CloudSSO resource directory integration feature.

EnableService

Activates CloudSSO.

GetAccessConfiguration

Queries access configuration details.

GetDirectory

Queries directory details.

GetDirectoryRDFeatureStatus

Queries the CloudSSO resource directory integration feature status.

GetDirectorySAMLServiceProviderInfo

Queries SAML service provider details.

GetDirectoryStatistics

Queries directory statistics.

GetExternalSAMLIdentityProvider

Queries SAML IdP configurations.

GetGroup

Queries group details.

GetMFAAuthenticationSettings

Queries MFA settings for all users.

GetMFAAuthenticationStatus

Checks whether MFA is enabled for users.

GetNewMFADevice

Queries a new MFA device.

GetSCIMSynchronizationStatus

Queries SCIM synchronization status.

GetServiceStatus

Queries CloudSSO status.

GetTask

Queries asynchronous task details.

GetTaskStatus

Queries asynchronous task status.

GetUser

Queries user details.

GetUserMFAAuthenticationSettings

Queries a user's MFA setting.

ListAccessAssignments

Queries assigned access permissions.

ListAccessConfigurationProvisionings

Queries provisioned access configurations.

ListAccessConfigurations

Queries access configurations.

ListAccessConfigurationsForAccount

Queries access configurations for a resource directory account.

ListAccounts

Queries all Alibaba Cloud accounts accessible to a user.

ListDirectories

Queries directories.

ListExternalSAMLIdPCertificates

Queries SAML signing certificates.

ListGroupMembers

Queries group members.

ListGroups

Queries groups.

ListJoinedGroupsForUser

Queries groups that a user belongs to.

ListMFADevices

Queries MFA devices.

ListMFADevicesForUser

Queries MFA devices bound to a user.

ListPermissionPoliciesInAccessConfiguration

Queries policies in an access configuration.

ListSCIMServerCredentials

Queries SCIM credentials.

ListTasks

Queries asynchronous tasks.

ListUsers

Queries users.

Login

Logs on to the Alibaba Cloud Management Console.

LoginToAccount

Logs on to a resource directory account.

ProvisionAccessConfiguration

Provisions an access configuration for a resource directory account.

RegisterMFADevice

Binds an MFA device.

RemoveExternalSAMLIdPCertificate

Removes a SAML signing certificate.

RemovePermissionPolicyFromAccessConfiguration

Removes a policy from an access configuration.

RemoveUserFromGroup

Removes a user from a group.

ResetUserPassword

Resets a user password.

RevokeAccessToken

Revokes an access token.

SetExternalSAMLIdentityProvider

Configures a SAML IdP.

SetMFAAuthenticationStatus

Enables or disables MFA for directory users.

SetSCIMSynchronizationStatus

Enables or disables SCIM synchronization.

UpdateAccessConfiguration

Modifies access configuration details.

UpdateDirectory

Renames a directory.

UpdateGroup

Modifies group details.

UpdateInlinePolicyForAccessConfiguration

Modifies an inline policy in an access configuration.

UpdateMFAAuthenticationSettings

Modifies MFA settings for all users.

UpdateMFADevice

Modifies MFA device details.

UpdateSCIMServerCredentialStatus

Enables or disables a SCIM credential.

UpdateUser

Modifies user details.

UpdateUserMFAAuthenticationSettings

Modifies a user's MFA setting.

UpdateUserStatus

Changes user status.