After you log on to the CloudSSO user portal, you can view the accounts that you can access in your resource directory and access the resources of the accounts as a Resource Access Management (RAM) role or RAM user.

Step 1: Obtain the URL of the CloudSSO user portal

  1. Log on to the CloudSSO console as a CloudSSO administrator.
  2. In the left-side navigation pane, click Overview.
  3. In the User Logon URL section, view or copy the logon URL.

Step 2: Log on to the user portal

  1. Enter the URL that you obtained in Step 1 in your browser.
  2. Log on to the user portal based on a specified logon method.
    • Single sign-on (SSO) logon
      1. Click Redirect to go to the logon page of the enterprise identity provider (IdP).
      2. Use the username and password of the enterprise IdP to log on to the user portal.
    • Username-password logon
      1. Enter the username and password of the CloudSSO user and click Log On.
      2. Optional. If multi-factor authentication (MFA) is enabled, complete MFA verification.
        • If this is the first time that you log on to the user portal, you must bind an MFA device. For more information, see Bind the first MFA device.
        • If an MFA device is bound, enter the verification code that is obtained from the mobile device and click Verify.
Note The logon session for a user is valid for 8 hours. The session starts when the user logs on to the user portal. If the logon session expires, the user must log on again.

Step 3: Access the resources of an account in your resource directory

RAM role-based logon

If the resources of a cloud service can be accessed as a RAM role and a CloudSSO user is assigned the access permissions on an account in your resource directory by using an access configuration, the CloudSSO user can access the resources of the account as a RAM role. This method is suitable for most cloud services.

  1. On the Log on as RAM Role tab, click the required account in your resource directory and click Show Details in the Permissions column.

    You can select one of the accounts from the account list and access the resources of the account based on your business requirements.

    Note If no data is available in the list, you have no access permissions on the accounts in your resource directory.
  2. In the access configuration list that appears, find the access configuration that you want to use to access resources and click Log On in the Actions column.

    You can select one of the access configurations from the list and access the resources of the account based on your business requirements.

    Note If no data is available in the list, you do not have permissions to access the resources of the account.
  3. Access the resources of the account as a RAM role.
    You can move the pointer over the profile picture in the upper-right corner of the console to view the current logon identity.

RAM user-based logon

If a cloud service cannot be accessed as a RAM role and you create a RAM user provisioning for an account in your resource directory by using CloudSSO, you can access the resources of the account as a RAM user.

  1. On the Log on as RAM User tab, find the required account in your resource directory and click Log On in the Actions column.

    You can select one of the accounts from the account list and access resources of the account based on your business requirements.

    Note If no data is available in the list, you have no access permissions on the accounts in your resource directory.
  2. Access the resources of the account as a RAM user.
    You can move the pointer over the profile picture in the upper-right corner of the console to view the current logon identity.