After you log on to the CloudSSO user portal, you can view the accounts that you can access in your resource directory. Then, you can select an account to go to the Alibaba Cloud Management Console and access Alibaba Cloud resources based on the permissions that are specified in an access configuration.

Step 1: Obtain the URL of the user portal

  1. Log on to the CloudSSO console as a CloudSSO administrator.
  2. In the left-side navigation pane, click Overview.
  3. In the User Logon URL section, view or copy the logon URL.
    User Logon URL

Step 2: Log on to the user portal

  1. Enter the URL that is obtained from Step 1 in your browser.
  2. Log on to the user portal based on a specified logon method.
    • SSO logon
      1. Click Redirect to go to the logon page of the enterprise identity provider (IdP). Redirect
      2. Use the username and password of the enterprise IdP to log on to the user portal.
    • Username-password logon
      1. Enter the username and password of the CloudSSO user and click Log On.
      2. Optional. If multi-factor authentication (MFA) is enabled, complete MFA verification.
        • If this is your first time to log on to the user portal, you must bind an MFA device. For more information, see Bind the first MFA device.
        • If an MFA device is bound, enter the verification code that is obtained from the mobile device and click Verify.
Note The logon session for a user is valid for 8 hours. After a user logs on to the user portal, the logon session starts, which is valid for 8 hours. If the logon session expires, the user must log on again.

Step 3: Access resources of an account in your resource directory

  1. In the list of the accounts that you can access in your resource directory, find the account whose resources you want to access and click Show Details in the Permission column.

    You can select one of the accounts from the account list and access resources of the account based on your business requirements.

    Accounts in your resource directory
    Note If no data is available in the list, you have no access permissions on the accounts in your resource directory.
  2. In the access configuration list that appears, find the access configuration that you want to use to access resources and click Log On in the Actions column.

    You can select one of the access configurations from the list and access resources of the account based on your business requirements.

    Item
    Note If no data is available in the list, you do not have permissions to access resources of the account.
  3. Access resources of the account by assuming a RAM role.
    You can move the pointer over the profile picture in the upper-right corner of the console to view the current logon identity. View the current identity