Identity as a Service: ListConditionalAccessPoliciesForApplication

Last Updated: Dec 24, 2025

Lists the conditional access policies associated with an application.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
| --- | --- | --- | --- | --- |
| eiam:ListConditionalAccessPoliciesForApplication | list | *Application: acs:eiam:{#regionId}:{#accountId}:instance/{#InstanceId}/application/{#ApplicationId}; *ConditionalAccessPolicy: acs:eiam:{#regionId}:{#accountId}:instance/{#InstanceId}/conditionalaccesspolicy/* | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
| --- | --- | --- | --- | --- |
| InstanceId | string | Yes | The instance ID. | idaas_ue2jvisn35ea5lmthk267xxxxx |
| ApplicationId | string | Yes | The ID of the application that is associated with the conditional access policy. | app_11111 |

Response elements

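Nested elements are shown as paths; `[]` marks an array item.

| Element | Type | Description | Example |
| --- | --- | --- | --- |
| | object | | |
| RequestId | string | The request ID. | 0441BD79-92F3-53AA-8657-F8CE4A2B912A |
| ConditionalAccessPolicies | array<object> | A collection of conditional access policies. | |
| ConditionalAccessPolicies[] | object | A conditional access policy object. | |
| ConditionalAccessPolicies[].InstanceId | string | The instance ID. | idaas_oynbcyaaejuik6b37eldzxxxxx |
| ConditionalAccessPolicies[].ConditionalAccessPolicyId | string | The conditional access policy ID. | cap_m5etun43kejxphsbke6mjxxxxx |
| ConditionalAccessPolicies[].ConditionalAccessPolicyName | string | The name of the conditional access policy. | myPolicy |
| ConditionalAccessPolicies[].Description | string | The description of the conditional access policy. | policyTest |
| ConditionalAccessPolicies[].ConditionalAccessPolicyType | string | The type of the conditional access policy. | arn:alibaba:idaas:authn:access:policy:system |
| ConditionalAccessPolicies[].Status | string | The status of the conditional access policy. Enumeration values: disabled (The policy is disabled.); enabled (The policy is enabled.) | disabled |
| ConditionalAccessPolicies[].DecisionType | string | The execution type of the conditional access policy. Enumeration values: enforcement (The policy is enforced.); reportOnly (The policy is for reporting only.) | enforcement |
| ConditionalAccessPolicies[].EvaluateAt | string | The policy enforcement point. Enumeration values: arn:alibaba:idaas:authn:access:rule:eval_at:before_authn (before authentication); arn:alibaba:idaas:authn:access:rule:eval_at:after_authn (after authentication); arn:alibaba:idaas:authn:access:rule:eval_at:after_step1 (after the first-factor authentication) | arn:alibaba:idaas:authn:access:rule:eval_at:after_step1 |
| ConditionalAccessPolicies[].Priority | integer | The priority. | 100 |
| ConditionalAccessPolicies[].DecisionConfig | object | The execution configuration of the conditional access policy. | |
| ConditionalAccessPolicies[].DecisionConfig.Effect | string | The effect of the policy. Enumeration values: allow (Allows access.); deny (Denies access.) | allow |
| ConditionalAccessPolicies[].DecisionConfig.MfaType | string | The multi-factor authentication (MFA) type of the conditional access policy. Enumeration values: directly_access (Direct access is allowed.); mfa_required (MFA is required.) | directly_access |
| ConditionalAccessPolicies[].DecisionConfig.MfaAuthenticationIntervalSeconds | integer | The re-authentication interval of the conditional access policy, in seconds. | 300 |
| ConditionalAccessPolicies[].DecisionConfig.MfaAuthenticationMethods | array | The collection of MFA methods allowed by the conditional access policy. | |
| ConditionalAccessPolicies[].DecisionConfig.MfaAuthenticationMethods[] | string | The MFA method allowed by the conditional access policy. | ia_webauthn |
| ConditionalAccessPolicies[].DecisionConfig.ActiveSessionReuseStatus | string | Indicates whether session reuse is enabled. | disabled |
| ConditionalAccessPolicies[].ConditionsConfig | object | The content of the conditional access policy. | |
| ConditionalAccessPolicies[].ConditionsConfig.Applications | object | The target applications of the conditional access policy. | |
| ConditionalAccessPolicies[].ConditionsConfig.Applications.IncludeApplications | array | The selected applications. | |
| ConditionalAccessPolicies[].ConditionsConfig.Applications.IncludeApplications[] | string | The application ID. | app_m7op362gcbdpzh6tsyy52xxxxx |
| ConditionalAccessPolicies[].ConditionsConfig.Applications.ExcludeApplications | array | The excluded applications. | |
| ConditionalAccessPolicies[].ConditionsConfig.Applications.ExcludeApplications[] | string | The application ID. | app_xxxxx62gcbdpzh6tsyy52xxxxx |
| ConditionalAccessPolicies[].ConditionsConfig.Users | object | The target users of the conditional access policy. | |
| ConditionalAccessPolicies[].ConditionsConfig.Users.IncludeUsers | array | The selected users. | |
| ConditionalAccessPolicies[].ConditionsConfig.Users.IncludeUsers[] | string | The user ID. | user_7kht3wmffmdvvqizxwsab3xxxx |
| ConditionalAccessPolicies[].ConditionsConfig.Users.ExcludeUsers | array | The excluded users. | |
| ConditionalAccessPolicies[].ConditionsConfig.Users.ExcludeUsers[] | string | The user ID. | user_rh2uldi6u56epkazm2wgrxxxxx |
| ConditionalAccessPolicies[].ConditionsConfig.Users.IncludeGroups | array | The selected user groups. | |
| ConditionalAccessPolicies[].ConditionsConfig.Users.IncludeGroups[] | string | The user group ID. | group_xtlpbw47kxxz6rygjkqupxxxxx |
| ConditionalAccessPolicies[].ConditionsConfig.Users.ExcludeGroups | array | The excluded user groups. | |
| ConditionalAccessPolicies[].ConditionsConfig.Users.ExcludeGroups[] | string | The user group ID. | group_eki2tt7g4hjbiowfzh5j4xxxxx |
| ConditionalAccessPolicies[].ConditionsConfig.Users.IncludeOrganizationalUnits | array | The selected organizations. | |
| ConditionalAccessPolicies[].ConditionsConfig.Users.IncludeOrganizationalUnits[] | string | The organization ID. | ou_kp63or7wlpkbfperzo3qg2ssxx |
| ConditionalAccessPolicies[].ConditionsConfig.Users.ExcludeOrganizationalUnits | array | The excluded organizations. | |
| ConditionalAccessPolicies[].ConditionsConfig.Users.ExcludeOrganizationalUnits[] | string | The organization ID. | ou_kp63or7wlpkbfperzo3qg2xxxx |
| ConditionalAccessPolicies[].ConditionsConfig.NetworkZones | object | The network zones of the conditional access policy. | |
| ConditionalAccessPolicies[].ConditionsConfig.NetworkZones.IncludeNetworkZones | array | The selected network zones. | |
| ConditionalAccessPolicies[].ConditionsConfig.NetworkZones.IncludeNetworkZones[] | string | The ID of the network zone. | network_m7qormftq3tyxgi34vzpzxxxxx |
| ConditionalAccessPolicies[].ConditionsConfig.NetworkZones.ExcludeNetworkZones | array | The excluded network zones. | |
| ConditionalAccessPolicies[].ConditionsConfig.NetworkZones.ExcludeNetworkZones[] | string | The ID of the network zone. | network_aaaormftq3tyxgi34vzpzxxxxx |
| ConditionalAccessPolicies[].CreateTime | integer | The creation time. | 1741857554000 |
| ConditionalAccessPolicies[].LastUpdatedTime | integer | The update time. | 1741857554000 |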

Examples

Success response

JSON format

{
  "RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A",
  "ConditionalAccessPolicies": [
    {
      "InstanceId": "idaas_oynbcyaaejuik6b37eldzxxxxx",
      "ConditionalAccessPolicyId": "cap_m5etun43kejxphsbke6mjxxxxx",
      "ConditionalAccessPolicyName": "myPolicy",
      "Description": "policyTest",
      "ConditionalAccessPolicyType": "arn:alibaba:idaas:authn:access:policy:system",
      "Status": "disabled",
      "DecisionType": "enforcement",
      "EvaluateAt": "arn:alibaba:idaas:authn:access:rule:eval_at:after_step1",
      "Priority": 100,
      "DecisionConfig": {
        "Effect": "allow",
        "MfaType": "directly_access",
        "MfaAuthenticationIntervalSeconds": 300,
        "MfaAuthenticationMethods": [
          "ia_webauthn"
        ],
        "ActiveSessionReuseStatus": "disabled"
      },
      "ConditionsConfig": {
        "Applications": {
          "IncludeApplications": [
            "app_m7op362gcbdpzh6tsyy52xxxxx"
          ],
          "ExcludeApplications": [
            "app_xxxxx62gcbdpzh6tsyy52xxxxx"
          ]
        },
        "Users": {
          "IncludeUsers": [
            "user_7kht3wmffmdvvqizxwsab3xxxx"
          ],
          "ExcludeUsers": [
            "user_rh2uldi6u56epkazm2wgrxxxxx"
          ],
          "IncludeGroups": [
            "group_xtlpbw47kxxz6rygjkqupxxxxx"
          ],
          "ExcludeGroups": [
            "group_eki2tt7g4hjbiowfzh5j4xxxxx"
          ],
          "IncludeOrganizationalUnits": [
            "ou_kp63or7wlpkbfperzo3qg2ssxx"
          ],
          "ExcludeOrganizationalUnits": [
            "ou_kp63or7wlpkbfperzo3qg2xxxx"
          ]
        },
        "NetworkZones": {
          "IncludeNetworkZones": [
            "network_m7qormftq3tyxgi34vzpzxxxxx"
          ],
          "ExcludeNetworkZones": [
            "network_aaaormftq3tyxgi34vzpzxxxxx"
          ]
        }
      },
      "CreateTime": 1741857554000,
      "LastUpdatedTime": 1741857554000
    }
  ]
}
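
An added example, not taken from this page or from Alibaba Cloud's SDK: a short audit over an already-parsed response that reports policies leaving the application weakly covered. The function name `audit_policies`, the policy ID `cap_constructed_example`, and the choice of checks are assumptions made for the example; the field names and enumeration values are those documented above.

```python
import json

# Sample input: trimmed from the page's success response, plus one constructed
# policy (cap_constructed_example) so the audit has a clean case to compare.
SAMPLE = json.loads("""
{"ConditionalAccessPolicies": [
  {"ConditionalAccessPolicyId": "cap_m5etun43kejxphsbke6mjxxxxx",
   "Status": "disabled", "DecisionType": "enforcement",
   "DecisionConfig": {"Effect": "allow", "MfaType": "directly_access"},
   "ConditionsConfig": {
     "Applications": {"ExcludeApplications": ["app_xxxxx62gcbdpzh6tsyy52xxxxx"]},
     "Users": {"ExcludeUsers": ["user_rh2uldi6u56epkazm2wgrxxxxx"]}}},
  {"ConditionalAccessPolicyId": "cap_constructed_example",
   "Status": "enabled", "DecisionType": "enforcement",
   "DecisionConfig": {"Effect": "allow", "MfaType": "mfa_required",
                      "MfaAuthenticationMethods": ["ia_webauthn"]},
   "ConditionsConfig": {"Applications": {}, "Users": {}}}
]}
""")

EXCLUDE_KEYS = ("ExcludeUsers", "ExcludeGroups", "ExcludeOrganizationalUnits")

def audit_policies(response, application_id):
    """Return (policy_id, finding) pairs; the checks are review heuristics (assumed)."""
    findings = []
    for pol in response.get("ConditionalAccessPolicies") or []:
        pid = pol.get("ConditionalAccessPolicyId", "<missing id>")
        decision = pol.get("DecisionConfig") or {}
        cond = pol.get("ConditionsConfig") or {}
        if pol.get("Status") != "enabled":
            findings.append((pid, "policy is not enabled"))
        if pol.get("DecisionType") == "reportOnly":
            findings.append((pid, "policy is report-only"))
        if decision.get("Effect") == "allow" and decision.get("MfaType") == "directly_access":
            findings.append((pid, "allows access without MFA"))
        apps = cond.get("Applications") or {}
        if application_id in (apps.get("ExcludeApplications") or []):
            findings.append((pid, "application is in ExcludeApplications"))
        users = cond.get("Users") or {}
        for key in EXCLUDE_KEYS:  # exclusions are carve-outs worth a manual look
            if users.get(key):
                findings.append((pid, f"{key} has {len(users[key])} entry(ies) to review"))
    return findings

if __name__ == "__main__":
    for pid, finding in audit_policies(SAMPLE, "app_xxxxx62gcbdpzh6tsyy52xxxxx"):
        print(f"{pid}: {finding}")
```
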

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.