
Identity as a Service: Quick start

Last Updated: Mar 31, 2026

This guide walks you through the initial setup of Alibaba Cloud IDaaS Customer Identity and Access Management (CIAM) — from activating an instance to managing user accounts.

Prerequisites

Before you begin, make sure you have:

  • An Alibaba Cloud account

  • (For RAM users) The AliyunYundunIdaasFullAccess permission granted by your account administrator

Step 1: Activate an instance

  1. Log on to the CIAM console and click Purchase Instance to open the CIAM pricing page.

  2. Select your Region and Specifications, then click Buy Now.

    Pricing depends on your deployment model:

      • Online version: Charged based on monthly active users (MAU). Instance usage fees (computing resources and storage) are billed separately based on actual configuration.

      • On-premises deployment: One-time authorization or periodic license fees apply, plus implementation fees (deployment, system integration, and custom development) and optional Operations and Maintenance (O&M) fees for technical support.

    For details, see Pricing.

  3. Return to the console to verify the instance appears in your instance list.

Step 2: Grant RAM user access to the IDaaS console

Skip this step if you access the console directly with your Alibaba Cloud account.

  1. Log on to the RAM console and confirm the target RAM user has the AliyunYundunIdaasFullAccess permission.

  2. Log on to the CIAM console with your Alibaba Cloud account. Click the instance ID to open its management console.

  3. Go to Settings > Other Settings > Administrator account and click Add administrator.

  4. Fill in the Account name, RAM sub-account, External ID, and Authorized role, then save. The RAM user can now log on to the IDaaS console with the assigned role.
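
Step 1 of this procedure checks the policy for a single RAM user. The following added example (not part of the Alibaba Cloud documentation) runs the same check over several users from saved `aliyun ram ListPoliciesForUser` output, which also shows who already holds full IDaaS access. The user names, the sample responses, and the response shape are assumptions; policies inherited through RAM user groups are not covered.

```python
import json

REQUIRED = "AliyunYundunIdaasFullAccess"  # policy name given in this guide

# Constructed sample input: one saved response per RAM user, shaped like the
# output of `aliyun ram ListPoliciesForUser --UserName <name>` (assumed shape).
# All user names are hypothetical.
SAMPLES = {
    "idaas-admin": '{"Policies": {"Policy": ['
                   '{"PolicyName": "AliyunYundunIdaasFullAccess", "PolicyType": "System"}]}}',
    "dev-alice": '{"Policies": {"Policy": ['
                 '{"PolicyName": "AliyunOSSReadOnlyAccess", "PolicyType": "System"}]}}',
    "new-hire": '{"Policies": {"Policy": []}}',
    "cli-error": "not json",  # stands in for a failed or truncated CLI call
}


def direct_policies(response_text):
    """Return the set of policy names attached directly to one RAM user."""
    doc = json.loads(response_text)
    entries = (doc.get("Policies") or {}).get("Policy") or []
    return {e["PolicyName"] for e in entries if "PolicyName" in e}


def audit(responses, required=REQUIRED):
    """Sort users into granted / missing / unreadable for the required policy."""
    report = {"granted": [], "missing": [], "unreadable": []}
    for user, text in sorted(responses.items()):
        try:
            names = direct_policies(text)
        except (json.JSONDecodeError, AttributeError, TypeError):
            # Treat anything that is not a well-formed response as unknown,
            # never as "missing": the user may still hold the policy.
            report["unreadable"].append(user)
            continue
        report["granted" if required in names else "missing"].append(user)
    return report


if __name__ == "__main__":
    for status, users in audit(SAMPLES).items():
        print(f"{status}: {', '.join(users) or '-'}")
```

Users listed under "granted" can be added as administrators in step 4; review that list against who actually needs full access to the identity service.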

Step 3: Create an application

CIAM uses applications as the central unit for managing authentication. Create one application for each customer-facing service — a website, mini program, or mobile app — that you want to protect with CIAM.

  1. In the instance management console, go to Application > Application Management and click Add an application.

  2. Set the Icon, Application Name, Application Type, and SSO Protocol.

  3. After you create an application, you can configure and maintain it.

Step 4: Configure logon methods

Each application supports one or more logon methods. Configuring the right combination improves user conversion rates and reduces registration drop-off.

  1. On the Application Management page, find the application and click Configure in the Actions column.

  2. On the Application Settings page, click Registration And Logon Settings.

  3. Set the Primary Logon Method to control which method is shown first on the logon page — either Phone Code or Password-based Logon.

Step 5: Manage accounts

CIAM supports two ways to add user accounts:

| Method | Description |
| --- | --- |
| Administrator-created accounts | In the instance management console, create a user and set the account name, password, and mobile phone number. The user can then log on to the user portal with a password or verification code. |
| Self-registration | After an administrator creates an application, users can register for an account directly on the portal. |