The following tables list the API operations available for use in CloudSSO.
Note Alibaba Cloud provides OpenAPI Explorer to simplify API usage. You can use OpenAPI Explorer to debug API operations.
Operations for CloudSSO
| Operation | Description |
|---|---|
| EnableService | Enables CloudSSO. |
| DisableService | Disables CloudSSO. |
| GetServiceStatus | Queries the status of CloudSSO. |
| CreateDirectory | Creates a directory. |
| ListDirectories | Queries directories. |
| GetDirectory | Queries information about a directory. |
| GetDirectoryStatistics | Queries the statistics of a directory. |
| UpdateDirectory | Changes the name of a directory. |
| DeleteDirectory | Deletes a directory. |
Operations for users
| Operation | Description |
|---|---|
| CreateUser | Creates a user. |
| ListUsers | Queries users. |
| GetUser | Queries information about a user. |
| UpdateUser | Modifies information about a user. |
| UpdateUserStatus | Changes the status of a user. |
| DeleteUser | Deletes a user. |
| ResetUserPassword | Resets the password of a user. |
| SetMFAAuthenticationStatus | Enables or disables multi-factor authentication (MFA) for users in a directory. |
| GetMFAAuthenticationStatus | Checks whether MFA is enabled for users. |
| ListMFADevicesForUser | Queries the MFA devices that are bound to a user. |
| DeleteMFADeviceForUser | Unbinds an MFA device from a user. |
Operations for groups
| Operation | Description |
|---|---|
| CreateGroup | Creates a group. |
| ListGroups | Queries groups. |
| GetGroup | Queries information about a group. |
| UpdateGroup | Modifies information about a group. |
| DeleteGroup | Deletes a group. |
| AddUserToGroup | Adds a user to a group. |
| RemoveUserFromGroup | Removes a user from a group. |
| ListJoinedGroupsForUser | Queries the groups to which a user is added. |
| ListGroupMembers | Queries the users in a group. |
Operations for Cross-domain Identity Management (SCIM) synchronization
| Operation | Description |
|---|---|
| CreateSCIMServerCredential | Creates a SCIM credential. |
| ListSCIMServerCredentials | Queries SCIM credentials. |
| UpdateSCIMServerCredentialStatus | Enables or disables a SCIM credential. |
| DeleteSCIMServerCredential | Deletes a SCIM credential. |
| SetSCIMSynchronizationStatus | Enables or disables SCIM synchronization. |
| GetSCIMSynchronizationStatus | Queries the status of SCIM synchronization. |
Operations for SSO logon
| Operation | Description |
|---|---|
| GetDirectorySAMLServiceProviderInfo | Queries information about a SAML service provider (SP). |
| SetExternalSAMLIdentityProvider | Configures a SAML identity provider (IdP). |
| GetExternalSAMLIdentityProvider | Queries the configurations of a SAML IdP. |
| ClearExternalSAMLIdentityProvider | Clears the configurations of a SAML IdP. |
| AddExternalSAMLIdPCertificate | Adds a SAML signing certificate. |
| ListExternalSAMLIdPCertificates | Queries SAML signing certificates. |
| RemoveExternalSAMLIdPCertificate | Removes a SAML certificate. |
Operations for access configurations
| Operation | Description |
|---|---|
| CreateAccessConfiguration | Creates an access configuration. |
| ListAccessConfigurations | Queries access configurations. |
| GetAccessConfiguration | Queries information about an access configuration. |
| UpdateAccessConfiguration | Modifies information about an access configuration. |
| DeleteAccessConfiguration | Deletes an access configuration. |
| AddPermissionPolicyToAccessConfiguration | Adds a policy to an access configuration. |
| RemovePermissionPolicyFromAccessConfiguration | Removes a policy from an access configuration. |
| UpdateInlinePolicyForAccessConfiguration | Modifies an inline policy that is created for an access configuration. |
| ListPermissionPoliciesInAccessConfiguration | Queries the policies that are created for an access configuration. |
Operations for multi-account authorization
| Operation | Description |
|---|---|
| ProvisionAccessConfiguration | Provisions an access configuration to an account in your resource directory. |
| DeprovisionAccessConfiguration | De-provisions an access configuration from an account in your resource directory. |
| ListAccessConfigurationProvisionings | Queries the access configurations that are provisioned. |
| CreateAccessAssignment | Assigns access permissions on an account in the resource directory to a user or a group by using an access configuration. |
| ListAccessAssignments | Queries the access permissions that are assigned. |
| DeleteAccessAssignment | Removes the access permissions on an account in the resource directory. |
| ListTasks | Queries asynchronous tasks. |
| GetTask | Queries information about an asynchronous task. |
| GetTaskStatus | Queries the status of an asynchronous task. |