All Products
Search

This Product

    CloudSSO:ListAccessConfigurationProvisionings

    Document Center

    CloudSSO:ListAccessConfigurationProvisionings

    Last Updated:Mar 30, 2026

    Queries the access configurations that are provisioned.

    Operation description

    This topic provides an example on how to query the accounts for which the access permission ac-00ccule7tadaijxc**** is provisioned. The returned result shows that the access configuration is provisioned for two accounts in your resource directory.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

    • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

    • API: The API that you can call to perform the action.

    • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

    • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

      • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

      • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

    • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

    • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

    Action

    Access level

    Resource type

    Condition key

    Dependent action

    cloudsso:ListAccessConfigurationProvisionings

    list

    AccessConfiguration

    acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}

    AccessConfiguration

    acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/*

    		 None None

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    DirectoryId

    string

    Yes

    The ID of the directory.

    d-00fc2p61****
    AccessConfigurationId

    string

    No

    The ID of the access configuration. The ID can be used to filter access permissions.

    ac-00ccule7tadaijxc****
    TargetType

    string

    No

    The type of the task object. The type can be used to filter access permissions.

    Set the value to RD-Account, which specifies the accounts in the resource directory.

    Note

    You can use the type to filter access permissions only if you specify both TargetId and TargetType.

    RD-Account
    TargetId

    string

    No

    The ID of the task object. The ID can be used to filter access permissions.

    Note

    You can use the type to filter access permissions only if you specify both TargetId and TargetType.

    114240524784****
    ProvisioningStatus

    string

    No

    The status of the access configuration. The value can be used to filter accounts. Valid values:

    • Provisioned: The access configuration is provisioned.

    • ReprovisionRequired: The access configuration needs to be re-provisioned.

    • DeprovisionFailed: The access configuration failed to be provisioned.

    Provisioned
    NextToken

    string

    No

    The returned value of NextToken is a pagination token, which can be used in the next request to retrieve a new page of results. If this is your first time to call this operation, you do not need to specify the NextToken parameter.

    When you call this operation for the first time, if the total number of entries to return exceeds the value of MaxResults, the entries are truncated. Only the entries that match the value of MaxResults are returned, and the excess entries are not returned. In this case, the value of the response parameter IsTruncated is true, and NextToken is returned. In the next call, you can use the value of NextToken and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of IsTruncated becomes false. This way, all entries are returned.

    K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****
    MaxResults

    integer

    No

    The maximum number of entries per page.

    Valid values: 1 to 20.

    Default value: 10.

    10

    Response elements

    Element

    Type

    Description

    Example

    object

    The returned results.

    NextToken

    string

    The returned value of NextToken is a pagination token, which can be used in the next request to retrieve a new page of results.

    Note

    This parameter is returned only when the value of IsTruncated is true.

    K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****
    RequestId

    string

    The request ID.

    6BA1BDF1-D845-5D2C-B742-74BE2970E4C1
    AccessConfigurationProvisionings

    array<object>

    The accounts for which the access configuration is provisioned.

    object

    Status

    string

    The status of the access configuration. Valid values:

    • Provisioned: The access configuration is provisioned.

    • ReprovisionRequired: The access configuration needs to be re-provisioned.

    • DeprovisionFailed: The access configuration failed to be provisioned.

    Provisioned
    SAMLProviderName

    string

    The name of the Security Assertion Markup Language (SAML) identity provider (IdP) that is created within an account in the resource directory.

    AliyunReservedSSO-d-00fc2p61****
    TargetPath

    string

    The path ID of the task object in the resource directory.

    rd-3G****/r-Wm****/fd-pjM8oy****/101522521960****
    CreateTime

    string

    The first time when the access configuration was provisioned.

    2021-07-26T08:54:14Z
    TargetName

    string

    The name of the task object.

    SharedServices_5009****
    TargetId

    string

    The ID of the task object.

    If the value of TargetType is RD-Account, the value of this parameter is the UID of an account in the resource directory.

    101522521960****
    RAMRoleName

    string

    The name of the RAM role that is created for an account in the resource directory.

    AliyunReservedSSO-VPC-Admin
    AccessConfigurationName

    string

    The name of the access configuration.

    VPC-Admin
    TargetPathName

    string

    The path name of the task object in the resource directory.

    rd-3G****/root/Core/SharedServices_5009****
    TargetType

    string

    The type of the task object.

    Set the value to RD-Account, which specifies the accounts in the resource directory.

    RD-Account
    UpdateTime

    string

    The last time when the access configuration was provisioned.

    2021-07-26T08:54:18Z
    RAMPolicyNames

    array

    The name of the custom policy that is created for an account in the resource directory.

    string

    The name of the custom policy that is created for an account in the resource directory.

    Note

    This parameter is returned only if an inline policy is created for the access configuration.

    AliyunReservedSSO-VPC-Admin-InlinePolicy
    AccessConfigurationId

    string

    The ID of the access configuration.

    ac-00ccule7tadaijxc****
    MaxResults

    integer

    The maximum number of entries returned per page.

    10
    IsTruncated

    boolean

    Indicates whether the queried entries are truncated. Valid values:

    • true

    • false

    false
    TotalCounts

    integer

    The total number of entries returned.

    2

    Examples

    Success response

    JSON format

    {
  "NextToken": "K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****",
  "RequestId": "6BA1BDF1-D845-5D2C-B742-74BE2970E4C1",
  "AccessConfigurationProvisionings": [
    {
      "Status": "Provisioned",
      "SAMLProviderName": "AliyunReservedSSO-d-00fc2p61****",
      "TargetPath": "rd-3G****/r-Wm****/fd-pjM8oy****/101522521960****",
      "CreateTime": "2021-07-26T08:54:14Z",
      "TargetName": "SharedServices_5009****",
      "TargetId": "101522521960****",
      "RAMRoleName": "AliyunReservedSSO-VPC-Admin",
      "AccessConfigurationName": "VPC-Admin",
      "TargetPathName": "rd-3G****/root/Core/SharedServices_5009****",
      "TargetType": "RD-Account",
      "UpdateTime": "2021-07-26T08:54:18Z",
      "RAMPolicyNames": [
        "AliyunReservedSSO-VPC-Admin-InlinePolicy"
      ],
      "AccessConfigurationId": "ac-00ccule7tadaijxc****"
    }
  ],
  "MaxResults": 10,
  "IsTruncated": false,
  "TotalCounts": 2
}

    Error codes

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.