This topic describes how to create an access configuration.


  1. Log on to the CloudSSO console.
  2. In the left-side navigation pane, click Access Configuration Management.
  3. On the Access Configuration Management page, click Create Access Configuration.
  4. In the Create Access Configuration panel, configure the parameters and click OK.
    • Access Configuration Name: required. The name of the access configuration, which must be unique within the directory.
    • Session Duration: optional. The duration of a session in which a CloudSSO user accesses an account in your resource directory by using the access configuration. Unit: seconds. Valid values: 900 to 43200 (15 minutes to 12 hours). Default value: 3600 (1 hour).
    • Relay State: optional. The initial web page displayed after a CloudSSO user uses the access configuration to access an account in your resource directory. The web page must be a page of the Alibaba Cloud Management Console. By default, this parameter is empty, which indicates that the initial web page is the homepage of the Alibaba Cloud Management Console.
    • Description: optional. The description of the access configuration.
  5. Configure system policies.
    • Use system policies
      1. Select Use System Policy.
      2. Select the required system policies.
        Note You can select a maximum of five system policies at a time. You can configure a maximum of 20 system policies for each access configuration.
      3. Click Bind and Continue.
      4. Click Next Step.
    • Do not use system policies
      1. Select Not Use System Policy.
      2. Click Continue.
  6. Configure inline policies.
    • Use inline policies
      1. Select Use Inline Policy.
      2. Edit the policy document.

        The RAM policy syntax is reused for inline policies. For more information about the policy syntax, see Policy structure and syntax.

      3. Click OK.
    • Do not use inline policies
      1. Select Not Use Inline Policy.
      2. Click OK.