All Products
Search

This Product

    CloudSSO:Create an access configuration

    Document Center

    CloudSSO:Create an access configuration

    Last Updated:Jan 12, 2024

    An access configuration is a configuration template that is used by CloudSSO users to access the accounts in a resource directory. The template contains permission configurations. You can use this template to assign access permissions on the accounts in your resource directory to CloudSSO users. This topic describes how to create an access configuration.

    Procedure

    1. Log on to the CloudSSO console.

    2. In the left-side navigation pane, click Access Configuration Management.

    3. On the Access Configuration Management page, click Create Access Configuration.

    4. In the Create Access Configuration panel, configure the parameters and click OK.

      • Access Configuration Name: required. The name of the access configuration, which must be unique within the directory.

      • Session Duration: optional. The duration of a session in which a CloudSSO user accesses an account in your resource directory by using the access configuration. Unit: seconds. Valid values: 900 to 43200 (15 minutes to 12 hours). Default value: 3600 (1 hour).

      • Relay State: optional. The initial web page displayed after a CloudSSO user uses the access configuration to access an account in your resource directory. The web page must be a page of the Alibaba Cloud Management Console. By default, this parameter is empty, which indicates that the initial web page is the homepage of the Alibaba Cloud Management Console.

      • Description: optional. The description of the access configuration.

    5. Configure system policies.

      • Use system policies

        1. Select Use System Policy.

        2. Select the required system policies.

          Note

          You can configure a maximum of 20 system policies for each access configuration.

        3. Click Bind and Continue.

        4. Click Next.

      • Do not use system policies

        1. Select Not Use System Policy.

        2. Click Continue.

    6. Configure inline policies.

      • Use inline policies

        1. Select Use Inline Policy.

        2. Edit the policy document.

          The Resource Access Management (RAM) policy syntax is reused for inline policies. For information about the policy syntax, see Policy structure and syntax.

        3. Click OK.

      • Do not use inline policies

        1. Select Not Use Inline Policy.

        2. Click OK.

    What to do next

    After you create the access configuration, you can use it to assign access permissions on the accounts in your resource directory to CloudSSO users. This way, the ClousSSO users can access the resources within the accounts. For more information, see Assign access permissions on the accounts in a resource directory.