The following tables list the API operations available for use in CloudSSO.

Note Alibaba Cloud provides OpenAPI Explorer to simplify API usage. You can use OpenAPI Explorer to debug API operations.

Operations for CloudSSO

Operation Description
EnableService Enables CloudSSO.
DisableService Disables CloudSSO.
GetServiceStatus Queries the status of CloudSSO.
CreateDirectory Creates a directory.
ListDirectories Queries directories.
GetDirectory Queries information about a directory.
GetDirectoryStatistics Queries the statistics of a directory.
UpdateDirectory Changes the name of a directory.
DeleteDirectory Deletes a directory.

Operations for users

Operation Description
CreateUser Creates a user.
ListUsers Queries users.
GetUser Queries information about a user.
UpdateUser Modifies information about a user.
UpdateUserStatus Changes the status of a user.
DeleteUser Deletes a user.
ResetUserPassword Resets the password of a user.
SetMFAAuthenticationStatus Enables or disables multi-factor authentication (MFA) for users in a directory.
GetMFAAuthenticationStatus Checks whether MFA is enabled for users.
ListMFADevicesForUser Queries the MFA devices that are bound to a user.
DeleteMFADeviceForUser Unbinds an MFA device from a user.

Operations for groups

Operation Description
CreateGroup Creates a group.
ListGroups Queries groups.
GetGroup Queries information about a group.
UpdateGroup Modifies information about a group.
DeleteGroup Deletes a group.
AddUserToGroup Adds a user to a group.
RemoveUserFromGroup Removes a user from a group.
ListJoinedGroupsForUser Queries the groups to which a user is added.
ListGroupMembers Queries the users in a group.

Operations for Cross-domain Identity Management (SCIM) synchronization

Operation Description
CreateSCIMServerCredential Creates a SCIM credential.
ListSCIMServerCredentials Queries SCIM credentials.
UpdateSCIMServerCredentialStatus Enables or disables a SCIM credential.
DeleteSCIMServerCredential Deletes a SCIM credential.
SetSCIMSynchronizationStatus Enables or disables SCIM synchronization.
GetSCIMSynchronizationStatus Queries the status of SCIM synchronization.

Operations for SSO logon

Operation Description
GetDirectorySAMLServiceProviderInfo Queries information about a SAML service provider (SP).
SetExternalSAMLIdentityProvider Configures a SAML identity provider (IdP).
GetExternalSAMLIdentityProvider Queries the configurations of a SAML IdP.
ClearExternalSAMLIdentityProvider Clears the configurations of a SAML IdP.
AddExternalSAMLIdPCertificate Adds a SAML signing certificate.
ListExternalSAMLIdPCertificates Queries SAML signing certificates.
RemoveExternalSAMLIdPCertificate Removes a SAML certificate.

Operations for access configurations

Operation Description
CreateAccessConfiguration Creates an access configuration.
ListAccessConfigurations Queries access configurations.
GetAccessConfiguration Queries information about an access configuration.
UpdateAccessConfiguration Modifies information about an access configuration.
DeleteAccessConfiguration Deletes an access configuration.
AddPermissionPolicyToAccessConfiguration Adds a policy to an access configuration.
RemovePermissionPolicyFromAccessConfiguration Removes a policy from an access configuration.
UpdateInlinePolicyForAccessConfiguration Modifies an inline policy that is created for an access configuration.
ListPermissionPoliciesInAccessConfiguration Queries the policies that are created for an access configuration.

Operations for multi-account authorization

Operation Description
ProvisionAccessConfiguration Provisions an access configuration to an account in your resource directory.
DeprovisionAccessConfiguration De-provisions an access configuration from an account in your resource directory.
ListAccessConfigurationProvisionings Queries the access configurations that are provisioned.
CreateAccessAssignment Assigns access permissions on an account in the resource directory to a user or a group by using an access configuration.
ListAccessAssignments Queries the access permissions that are assigned.
DeleteAccessAssignment Removes the access permissions on an account in the resource directory.
ListTasks Queries asynchronous tasks.
GetTask Queries information about an asynchronous task.
GetTaskStatus Queries the status of an asynchronous task.