The following tables list the API operations available for use in CloudSSO.

Note Alibaba Cloud provides OpenAPI Explorer to simplify API usage. You can use OpenAPI Explorer to debug API operations and dynamically generate SDK sample code.

Operations for CloudSSO

Operation Description
EnableService Enables CloudSSO.
DisableService Disables CloudSSO.
GetServiceStatus Queries the status of CloudSSO.
CreateDirectory Creates a directory.
ListDirectories Queries directories.
GetDirectory Queries information about a directory.
GetDirectoryStatistics Queries the statistics of a directory.
UpdateDirectory Changes the name of a directory.
DeleteDirectory Deletes a directory.

Operations for users

Operation Description
CreateUser Creates a user.
ListUsers Queries users.
GetUser Queries information about a user.
UpdateUser Modifies information about a user.
UpdateUserStatus Changes the status of a user.
DeleteUser Deletes a user.
ResetUserPassword Resets the password of a user.
SetMFAAuthenticationStatus Enables or disables multi-factor authentication (MFA) for users in a directory.
Note This operation is no longer maintained and updated. You can call the UpdateMFAAuthenticationSettings operation to enable MFA for users in a directory.
GetMFAAuthenticationStatus Checks whether MFA is enabled for users.
Note This operation is no longer maintained and updated. You can call the GetMFAAuthenticationSettings operation to check whether MFA is enabled for users.
ListMFADevicesForUser Queries the MFA devices that are bound to a user.
DeleteMFADeviceForUser Unbinds a MFA device from a user.
UpdateMFAAuthenticationSettings Modifies the MFA setting of all users.
GetMFAAuthenticationSettings Queries the MFA setting of all users.
UpdateUserMFAAuthenticationSettings Modifies the MFA setting of a single user.
GetUserMFAAuthenticationSettings Queries the MFA setting of a single user.

Operations for groups

Operation Description
CreateGroup Creates a RAM user group.
ListGroups Queries RAM user groups.
GetGroup Queries the information about a RAM user group.
UpdateGroup Modifies the information about a group.
DeleteGroup Deletes a group.
AddUserToGroup Adds a user to a group.
RemoveUserFromGroup Removes a user from a group.
ListJoinedGroupsForUser Queries the groups to which a user is added.
ListGroupMembers Queries the users in a group.

Operations for Cross-domain Identity Management (SCIM) synchronization

Operation Description
CreateSCIMServerCredential Creates a SCIM credential.
ListSCIMServerCredentials Queries SCIM credentials.
UpdateSCIMServerCredentialStatus Enables or disables a SCIM credential.
DeleteSCIMServerCredential Deletes a SCIM credential.
SetSCIMSynchronizationStatus Enables or disables SCIM synchronization.
GetSCIMSynchronizationStatus Queries the status of SCIM synchronization.

Operations for single sign-on (SSO) logon

Operation Description
GetDirectorySAMLServiceProviderInfo Queries the information about a Security Assertion Markup Language (SAML) service provider (SP).
SetExternalSAMLIdentityProvider Configures a SAML identity provider (IdP).
GetExternalSAMLIdentityProvider Queries the configurations of a SAML identity provider IdP.
ClearExternalSAMLIdentityProvider Clears the configurations of a SAML IdP.
AddExternalSAMLIdPCertificate Adds a SAML signing certificate.
ListExternalSAMLIdPCertificates Queries SAML signing certificates.
RemoveExternalSAMLIdPCertificate Removes a SAML signing certificate.

Operations for access configurations

Operation Description
CreateAccessConfiguration Creates an access configuration.
ListAccessConfigurations Queries access configurations.
GetAccessConfiguration Queries the information about an access configuration.
UpdateAccessConfiguration Modifies the information about an access configuration.
DeleteAccessConfiguration Deletes an access configuration.
AddPermissionPolicyToAccessConfiguration Adds a policy to an access configuration.
RemovePermissionPolicyFromAccessConfiguration Removes a policy from an access configuration.
UpdateInlinePolicyForAccessConfiguration Modifies an inline policy that is created for an access configuration.
ListPermissionPoliciesInAccessConfiguration Queries the policies that are created for an access configuration.

Operations for multi-account authorization

Operation Description
ProvisionAccessConfiguration Provisions an access configuration for an account in your resource directory.
DeprovisionAccessConfiguration De-provisions an access configuration from an account in your resource directory.
ListAccessConfigurationProvisionings Queries the access configurations that are provisioned.
CreateAccessAssignment Assigns access permissions on an account in your resource directory to a user or a group by using an access configuration.
ListAccessAssignments Queries the access permissions that are assigned.
DeleteAccessAssignment Remove the access permissions on an account in a resource directory.
ListTasks Queries asynchronous tasks.
GetTask Queries the information about an asynchronous task.
GetTaskStatus Queries the status of an asynchronous task.