API standard and pre-built SDKs in multi-language
The OpenAPI specification of this product (Eiam/2021-12-01) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. Create a Resource Access Management (RAM) user with API-only access and use RAM policies to apply the principle of least privilege (PoLP). Alibaba Cloud accounts are only used when explicitly required.
To call APIs securely, configure the following:
A RAM user account
An AccessKey pair for the account
Instance
|
API |
Title |
Description |
| EnableInitDomainAutoRedirect | EnableInitDomainAutoRedirect | Enables automatic redirection from the initialization domain name to the default domain name for an EIAM instance. After this feature is enabled, portal access via the initialization domain name is redirected to the default domain name. |
| DisableInitDomainAutoRedirect | DisableInitDomainAutoRedirect | Disables the feature of automatically redirecting the initial domain name to the default domain name for an Employee Identity and Access Management (EIAM) instance. After the feature is disabled, users who visit the portal page by using the initial domain name are not redirected to the default domain name. |
| GetInstanceLicense | Query License of the Instance | Queries the active license information for an instance. |
Domain Name Management
|
API |
Title |
Description |
| GetDomainDnsChallenge | GetDomainDnsChallenge | Queries the DNS Challenge record for a specified EIAM domain name. This record is used to verify domain ownership. |
| CreateDomain | CreateDomain | Creates a custom domain name for an EIAM (Entity and Identity Access Management) instance. |
| GetDomain | GetDomain | Queries information about a domain name for an EIAM instance. |
| SetDefaultDomain | SetDefaultDomain | Sets the default domain name for a specified EIAM instance. |
| ListDomains | ListDomains | Queries the domain names of an EIAM instance, including the default domain name and custom domain names. |
| DeleteDomain | DeleteDomain | Deletes a custom domain name of an Employee Identity and Access Management (EIAM) instance. You cannot delete the initial domain name and default domain name of the instance. |
| CreateDomainProxyToken | CreateDomainProxyToken | Creates a proxy token for a domain name of an Employee Identity and Access Management (EIAM) instance. |
| ObtainDomainProxyToken | ObtainDomainProxyToken | Obtains the proxy token for a domain name in an EIAM instance. |
| EnableDomainProxyToken | EnableDomainProxyToken | Enables a proxy token for a domain name of an Employee Identity and Access Management (EIAM) instance. The proxy token is used to verify the security of the domain name. |
| DisableDomainProxyToken | DisableDomainProxyToken | Disables a proxy token for a domain name of an Employee Identity and Access Management (EIAM) instance. After the proxy token is disabled, the domain name may not be used as expected. |
| ListDomainProxyTokens | ListDomainProxyTokens | Retrieves a list of proxy tokens for a domain name in an EIAM instance. |
| DeleteDomainProxyToken | DeleteDomainProxyToken | Deletes a proxy token for a domain name of an Employee Identity and Access Management (EIAM) instance. Only the proxy tokens in the disabled state can be deleted. |
| UpdateDomainIcpNumber | UpdateDomainIcpNumber | Updates the ICP filing number for a domain name. |
| UpdateDomainBrand | UpdateDomainBrand | Updates the brand associated with a domain name. |
Application
|
API |
Title |
Description |
| Basics | Basics | |
| GetApplication | GetApplication | Retrieves the details of a specified EIAM application. |
| ListApplications | ListApplications | Performs a paged query to retrieve information about one or more EIAM applications. |
| GetApplicationTemplate | GetApplicationTemplate | Retrieves the details of an application template. |
| UpdateApplicationInfo | UpdateApplicationInfo | Updates the basic information for an application. |
| ListApplicationsForNetworkAccessEndpoint | ListApplicationsForNetworkAccessEndpoint | Lists the applications for a network access endpoint. |
| ListApplicationsForNetworkZone | ListApplicationsForNetworkZone | Retrieves a list of applications associated with a network domain. |
| ListApplicationsForGroup | ListApplicationsForGroup | Retrieves a list of applications that an EIAM group can access. |
| SSO | SSO | |
| EnableApplicationSso | EnableApplicationSso | Enables single sign-on (SSO) for an EIAM application. |
| DisableApplicationSso | DisableApplicationSso | Disables the single sign-on (SSO) feature for an Employee Identity and Access Management (EIAM) application. This way, employees cannot log on to the application by using SSO. |
| SetApplicationSsoConfig | SetApplicationSsoConfig | Sets the single sign-on (SSO) properties for an IDaaS application. |
| GetApplicationSsoConfig | GetApplicationSsoConfig | Retrieves the single sign-on (SSO) configuration for an application in EIAM. |
| Authorization | Authorization | |
| AuthorizeApplicationToUsers | AuthorizeApplicationToUsers | Authorizes multiple EIAM accounts to access an application in a batch operation. |
| ListUsersForApplication | ListUsersForApplication | This operation performs a paged query to list the IDs of accounts that are granted access to an application. To retrieve detailed information about an account, call the GetUser operation. |
| ListApplicationsForUser | ListApplicationsForUser | Performs a paged query and returns the IDs of applications that an EIAM account can access. To retrieve detailed information about an application, call the GetApplication operation. |
| Federated credential management for applications | Federated credential management for applications | |
| UpdateApplicationFederatedCredentialDescription | UpdateApplicationFederatedCredentialDescription | Updates the description of a federated credential for an application. |
| UpdateApplicationFederatedCredential | UpdateApplicationFederatedCredential | Updates an application's federated credential. |
| ListApplicationFederatedCredentials | ListApplicationFederatedCredentials | Lists the federated credentials for an application. |
| GetApplicationFederatedCredential | GetApplicationFederatedCredential | Retrieves the federated credential for an application. |
| EnableApplicationFederatedCredential | EnableApplicationFederatedCredential | Enables an application federated credential. |
| DisableApplicationFederatedCredential | DisableApplicationFederatedCredential | Disables a federated credential for an application. |
| DeleteApplicationFederatedCredential | DeleteApplicationFederatedCredential | Deletes a federated credential for an application. |
| CreateApplicationFederatedCredential | CreateApplicationFederatedCredential | Creates an application federated credential. |
| Client Secret | Client Secret | |
| CreateApplicationClientSecret | CreateApplicationClientSecret | Creates a client secret for an EIAM application. You can create up to two client secrets for each application. |
| ListApplicationClientSecrets | ListApplicationClientSecrets | Queries all client secrets for an EIAM application. The key data in the response is masked. To obtain an unmasked key, call the ObtainApplicationClientSecret operation. |
| ObtainApplicationClientSecret | ObtainApplicationClientSecret | Obtains the client secret for an EIAM application. The secret is returned without desensitization. To obtain a desensitized secret, call the ListApplicationClientSecrets operation. |
| UpdateApplicationClientSecretExpirationTime | UpdateApplicationClientSecretExpirationTime | Updates the expiration time of a specified client secret for an application. |
| Application Token Management | Application Token Management | |
| CreateApplicationToken | CreateApplicationToken | Creates an application token. |
| EnableApplicationToken | EnableApplicationToken | Enables an application token. |
| DisableApplicationToken | DisableApplicationToken | Disables an application token. |
| UpdateApplicationTokenExpirationTime | UpdateApplicationTokenExpirationTime | Updates the expiration time of an application token. |
| ListApplicationTokens | ListApplicationTokens | Retrieves a list of application tokens. |
| ObtainApplicationToken | ObtainApplicationToken | Queries the token of a specified application. |
| DeleteApplicationToken | DeleteApplicationToken | Deletes an application token. |
| Application RAM User Management | Application RAM User Management | |
| AddApplicationAccountToUser | AddApplicationAccountToUser | Adds an application account to a specified user in the current application. |
| ListApplicationAccounts | ListApplicationAccounts | Returns a paginated list of application accounts. |
| ListApplicationAccountsForUser | ListApplicationAccountsForUser | Queries all accounts that belong to a specified user in an application. |
| RemoveApplicationAccountFromUser | RemoveApplicationAccountFromUser | Deletes the application account of a specified user from an application. |
| API | API | |
| EnableApplicationApiInvoke | EnableApplicationApiInvoke | You can call the EnableApplicationApiInvoke operation to enable Developer API calls for an EIAM application. |
| Provisioning | Provisioning | |
| SetApplicationProvisioningConfig | SetApplicationProvisioningConfig | Sets the account synchronization configuration for an EIAM application. |
| GetApplicationProvisioningConfig | GetApplicationProvisioningConfig | Retrieves the account synchronization configuration for an Entity Identity and Access Management (EIAM) application. |
| GetApplicationProvisioningScope | GetApplicationProvisioningScope | Queries the account synchronization scope of applications in Identity as a Service (IDaaS) Employee IAM (EIAM). This scope is the same as the scope within which developers can call the DeveloperAPI to query and manage accounts. |
Managing federation trust sources
|
API |
Title |
Description |
| DeleteFederatedCredentialProvider | DeleteFederatedCredentialProvider | Deletes a federated credential provider. |
| UpdateFederatedCredentialProviderDescription | UpdateFederatedCredentialProviderDescription | Updates the description of a federated credential provider. |
| UpdateFederatedCredentialProvider | UpdateFederatedCredentialProvider | Updates a federated credential provider. |
| ListFederatedCredentialProviders | ListFederatedCredentialProviders | Queries a list of federated credential providers. |
| ListApplicationFederatedCredentialsForProvider | ListApplicationFederatedCredentialsForProvider | Lists the application federated credentials for a specified federated credential provider. |
| GetFederatedCredentialProvider | GetFederatedCredentialProvider | Retrieves a federated credential provider. |
| EnableFederatedCredentialProvider | EnableFederatedCredentialProvider | Enables a federated credential provider. |
| DisableFederatedCredentialProvider | DisableFederatedCredentialProvider | Disables a federated credential provider. |
| CreateFederatedCredentialProvider | CreateFederatedCredentialProvider | Creates a federated credential provider. |
User
|
API |
Title |
Description |
| Managing third-party logon accounts | Managing third-party logon accounts | |
| BindUserAuthnSourceMapping | BindUserAuthnSourceMapping | Binds a user to a third-party logon account. |
| UnbindUserAuthnSourceMapping | UnbindUserAuthnSourceMapping | Unbinds a third-party logon account from a user. |
| ListUserAuthnSourceMappings | ListUserAuthnSourceMappings | Queries the mappings of third-party logon accounts. |
| CreateUser | CreateUser | Creates a user in a specified EIAM instance. |
| AddUserToOrganizationalUnits | AddUserToOrganizationalUnits | Adds a specified EIAM account to one or more EIAM organizations. If the account already exists in one of the specified organizations, the request succeeds. |
| DeleteUser | DeleteUser | Deletes a specified EIAM user and purges all related information. |
| UpdateUserDescription | UpdateUserDescription | Updates a user's description. |
| ListUsers | ListUsers | Queries a paginated list of IDaaS accounts. |
Organizational Unit
|
API |
Title |
Description |
| ListOrganizationalUnits | ListOrganizationalUnits | Performs a paged query for EIAM organizational units. |
| ListOrganizationalUnitParents | ListOrganizationalUnitParents | Queries all parent organizational units of a specified EIAM organizational unit. The returned organizational units are sorted in hierarchical order from the highest level to the lowest level. |
Group
|
API |
Title |
Description |
| ListUsersForGroup | ListUsersForGroup | Lists the users in a specified EIAM account group. |
Identity Provider Management
|
API |
Title |
Description |
| CreateIdentityProvider | Create Identity Provider | Creates an identity provider (IdP). |
| DeleteIdentityProvider | DeleteIdentityProvide | Delete identity provider |
| UpdateIdentityProvider | UpdateIdentityProvider | Updates the basic configuration of an identity provider. |
| GetIdentityProvider | GetIdentityProvider | Retrieves the details of an identity provider. |
| ListIdentityProviders | ListIdentityProviders | Retrieves a list of identity providers. |
| EnableIdentityProviderUdPull | EnableIdentityProviderUdPull | Enable identity provider synchronization. |
| DisableIdentityProviderUdPull | DisableIdentityProviderUdPull | Disable identity provider synchronization |
| SetIdentityProviderUdPullConfiguration | SetIdentityProviderUdPullConfiguration | Sets the inbound synchronization configuration for an IdP. |
| GetIdentityProviderUdPullConfiguration | GetIdentityProviderUdPullConfiguration | Get IdP Inbound Synchronization Configuration Information |
| ListIdentityProvidersForNetworkAccessEndpoint | ListIdentityProvidersForNetworkAccessEndpoint | Retrieves information about Identity Providers (IdPs) for a network endpoint. |
| EnableIdentityProviderAuthn | EnableIdentityProviderAuthn | Enables authentication. |
| DisableIdentityProviderAuthn | DisableIdentityProviderAuthn | Disables authentication. |
Password Policy
|
API |
Title |
Description |
| SetPasswordExpirationConfiguration | SetPasswordExpirationConfiguration | Sets the password expiration policy for a specified EIAM instance. |
| GetForgetPasswordConfiguration | GetForgetPasswordConfiguration | Queries the forgot-password configuration for a specified EIAM instance. |
Conditional Access Policy
|
API |
Title |
Description |
| DeleteConditionalAccessPolicy | Delete Conditional Access Policy | Deletes a conditional access policy. |
| DisableConditionalAccessPolicy | Disable Conditional Access Policy | Disables a conditional access policy. |
| EnableConditionalAccessPolicy | Enable Conditional Access Policy | Enables a conditional access policy. |
| GetConditionalAccessPolicy | Query Conditional Access Policy | Retrieves a conditional access policy. |
| UpdateConditionalAccessPolicy | Update Conditional Access Policy | Updates a conditional access policy. |
| UpdateConditionalAccessPolicyDescription | Update Conditional Access Policy Description | Updates the description of a conditional access policy. |
| ListConditionalAccessPoliciesForUser | ListConditionalAccessPoliciesForUser | Retrieves a list of conditional access policies that are associated with a user. |
| ListConditionalAccessPoliciesForApplication | ListConditionalAccessPoliciesForApplication | Lists the conditional access policies associated with an application. |
Synchronization
|
API |
Title |
Description |
| ListSynchronizationJobs | ListSynchronizationJobs | Lists the details of synchronization tasks. |
| RunSynchronizationJob | RunSynchronizationJob | Creates and immediately runs a new synchronization task. |
| GetSynchronizationJob | GetSynchronizationJob | Obtains the information about a single synchronization job. |
Brand
|
API |
Title |
Description |
| CreateBrand | CreateBrand | Creates a brand. |
| GetBrand | GetBrand | Retrieves the details of a brand. |
| EnableBrand | EnableBrand | Enables a brand. |
| DisableBrand | DisableBrand | Disables a brand. |
| UpdateBrand | UpdateBrand | Updates a brand. |
| DeleteBrand | DeleteBrand | Deletes a brand. |
| ListBrands | ListBrands | Retrieves a list of brands. |
| SetLoginRedirectApplicationForBrand | SetLoginRedirectApplicationForBrand | Sets the post-logon redirect application for a brand. |
| GetLoginRedirectApplicationForBrand | GetLoginRedirectApplicationForBrand | Configure the post-logon redirect application for a brand |
Custom terms
|
API |
Title |
Description |
| CreateCustomPrivacyPolicy | CreateCustomPrivacyPolicy | You can create custom terms. |
| GetCustomPrivacyPolicy | GetCustomPrivacyPolicy | Obtaining custom terms |
| EnableCustomPrivacyPolicy | EnableCustomPrivacyPolicy | Enabling custom terms |
| DisableCustomPrivacyPolicy | DisableCustomPrivacyPolicy | Disables a custom privacy policy. |
| UpdateCustomPrivacyPolicy | UpdateCustomPrivacyPolicy | Updates a custom privacy policy. |
| DeleteCustomPrivacyPolicy | DeleteCustomPrivacyPolicy | Deleting custom clauses |
| ListCustomPrivacyPolicies | ListCustomPrivacyPolicies | Retrieves a list of custom privacy policies. |
| AddCustomPrivacyPoliciesToBrand | AddCustomPrivacyPoliciesToBrand | Assign terms to a brand |
| RemoveCustomPrivacyPoliciesFromBrand | RemoveCustomPrivacyPoliciesFromBrand | Removing a brand association |
| ListCustomPrivacyPoliciesForBrand | ListCustomPrivacyPoliciesForBrand | Retrieves the resources of brand-linked instances. |
Network Endpoint
|
API |
Title |
Description |
| CreateNetworkAccessEndpoint | CreateNetworkAccessEndpoint | Creates a dedicated endpoint. |
| DeleteNetworkAccessEndpoint | DeleteNetworkAccessEndpoint | Delete a network endpoint of a specific type. |
| UpdateNetworkAccessEndpointName | UpdateNetworkAccessEndpointName | Updates the name of a private network endpoint. |
| ListNetworkAccessEndpointAvailableRegions | ListNetworkAccessEndpointAvailableRegions | Lists the available regions for creating network access endpoints in IDaaS EIAM. |
| ListNetworkAccessEndpointAvailableZones | ListNetworkAccessEndpointAvailableZones | Queries the zones that support creating network endpoints for IDaaS in a specified region. |
| GetNetworkAccessEndpoint | GetNetworkAccessEndpoint | Get Network Endpoint Information |
| ListNetworkAccessEndpoints | ListNetworkAccessEndpoints | Lists the network endpoints for an IDaaS EIAM instance. |
| ListNetworkAccessPaths | ListNetworkAccessPaths | Lists the access paths for a specified network endpoint. |
Network Regions
|
API |
Title |
Description |
| CreateNetworkZone | CreateNetworkZone | Creates a network zone object. |
| DeleteNetworkZone | DeleteNetworkZone | Deletes a network zone object. |
| UpdateNetworkZone | UpdateNetworkZone | Updates a network zone object. |
| UpdateNetworkZoneDescription | UpdateNetworkZoneDescription | Updates the description of a network zone. |
| ListNetworkZones | ListNetworkZones | Lists network zone objects. |
| GetNetworkZone | GetNetworkZone | Retrieves a network zone object. |
Other
|
API |
Title |
Description |
| ListEiamRegions | ListEiamRegions | Lists the regions available for EIAM 1.0 and EIAM 2.0. |
| ListEiamInstances | ListEiamInstances | Queries the information about Employee Identity and Access Management (EIAM) V1.0 instances or EIAM V2.0 instances. |
| ListApplicationSupportedProvisionProtocolTypes | ListApplicationSupportedProvisionProtocolTypes | Call the ListApplicationSupportedProvisionProtocolTypes operation to query the account synchronization protocols supported by an application. |
Others
|
API |
Title |
Description |
| AddUsersToGroup | AddUsersToGroup | Adds Employee Identity and Access Management (EIAM) accounts to an EIAM group of Identity as a Service (IDaaS). |
| AuthorizeApplicationToGroups | AuthorizeApplicationToGroups | Grants the permissions to access an application to multiple account groups at a time in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| AuthorizeApplicationToOrganizationalUnits | AuthorizeApplicationToOrganizationalUnits | Grants the access permissions on an application to multiple Employee Identity and Access Management (EIAM) organizations at a time. |
| CreateApplication | CreateApplication | Adds an application to an Enterprise Identity Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| CreateConditionalAccessPolicy | Create Conditional Access Policy | Create Conditional Access Policy |
| CreateGroup | CreateGroup | Creates an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| CreateInstance | CreateInstance | Creates an instance based on which all capabilities of Identity as a Service (IDaaS) Enterprise Identity and Access Management (EIAM) are provided. |
| CreateOrganizationalUnit | CreateOrganizationalUnit | Creates an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| DeleteApplication | DeleteApplication | Deletes an Employee Identity and Access Management (EIAM) application. |
| DeleteApplicationClientSecret | DeleteApplicationClientSecret | Deletes a client key for an Employee Identity and Access Management (EIAM) application. |
| DeleteGroup | DeleteGroup | Deletes the information of an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| DeleteInstance | DeleteInstance | Deletes an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS) that you do not need. |
| DeleteOrganizationalUnit | DeleteOrganizationalUnit | Deletes an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). If the organization has EIAM accounts or child organizations, the delete operation fails. |
| DeleteOrganizationalUnitChildren | DeleteOrganizationalUnitChildren | Deletes information about an organization and forcefully deletes all accounts and sub-organizations in the organization. |
| DisableApplication | DisableApplication | Disables an enabled Employee Identity and Access Management (EIAM) application. All features of the EIAM application cannot be used if you disable the EIAM application. |
| DisableApplicationApiInvoke | DisableApplicationApiInvoke | Disables the Developer API feature for an Employee Identity and Access Management (EIAM) application. |
| DisableApplicationClientSecret | DisableApplicationClientSecret | Disables a client key of an Employee Identity and Access Management (EIAM) application. |
| DisableApplicationProvisioning | DisableApplicationProvisioning | Disables the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| DisableUser | DisableUser | Disables an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account. If the account is disabled, a success message is returned. |
| EnableApplication | EnableApplication | Enables a disabled Employee Identity and Access Management (EIAM) application. |
| EnableApplicationClientSecret | EnableApplicationClientSecret | Enables the client key of an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| EnableApplicationProvisioning | EnableApplicationProvisioning | Enables the account synchronization feature for an application in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| EnableUser | EnableUser | Enables an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). |
| GetApplicationAdvancedConfig | GetApplicationAdvancedConfig | Retrieves the advanced configuration of an application. |
| GetApplicationGrantScope | GetApplicationGrantScope | Queries the permissions of the Developer API feature for an Employee Identity and Access Management (EIAM) application. |
| GetGroup | GetGroup | Queries the information of an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| GetInstance | GetInstance | Queries the details of a specified EIAM instance. |
| GetOrganizationalUnit | GetOrganizationalUnit | Queries the information about an organizational unit in Identity as a Service (IDaaS) Employee IAM (EIAM). |
| GetPasswordComplexityConfiguration | GetPasswordComplexityConfiguration | Queries the password complexity configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| GetPasswordExpirationConfiguration | GetPasswordExpirationConfiguration | Queries the password expiration configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| GetPasswordHistoryConfiguration | GetPasswordHistoryConfiguration | Queries the password history configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| GetPasswordInitializationConfiguration | GetPasswordInitializationConfiguration | Queries the password initialization configurations of an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| GetRootOrganizationalUnit | GetRootOrganizationalUnit | Queries the information about the root organizational unit in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| GetUser | GetUser | Queries the details of an account in Identity as a Service (IDaaS) Employee IAM (EIAM). |
| ListApplicationsForOrganizationalUnit | ListApplicationsForOrganizationalUnit | Queries the applications that an Employee Identity and Access Management (EIAM) organization can access. The return result includes the IDs of the applications. If you want to obtain the details of the applications, call the GetApplication operation. |
| ListConditionalAccessPolicies | List of Conditional Access Policies | List of Conditional Access Policies |
| ListConditionalAccessPoliciesForNetworkZone | List Conditional Access Policies Associated with Network Zones | List Conditional Access Policies Associated with Network Areas |
| ListGroups | ListGroups | Queries a list of account groups in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| ListGroupsForApplication | ListGroupsForApplication | Queries the account groups that are granted permissions to access an application and displays the results by page. The IDs of the account groups are returned. To query the detailed information about the account groups, call the GetGroup operation. |
| ListGroupsForUser | ListGroupsForUser | Queries a list of account groups to which an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS) belongs. |
| ListInstances | ListInstances | Queries information about one or more EIAM instances. |
| ListOrganizationalUnitsForApplication | ListOrganizationalUnitsForApplication | Queries the organizations that are allowed to access an Employee Identity and Access Management (EIAM) application by page. The return result includes the IDs of the organizations. If you want to obtain the details of the organizations, call the GetOrganizationalUnit operation. |
| ListRegions | ListRegions | Queries a list of supported Alibaba Cloud regions. |
| RemoveUserFromOrganizationalUnits | RemoveUserFromOrganizationalUnits | Removes an Employee Identity and Access Management (EIAM) account from multiple EIAM organizations of Identity as a Service (IDaaS). You cannot remove an account from a primary organization. |
| RemoveUsersFromGroup | RemoveUsersFromGroup | Removes Employee Identity and Access Management (EIAM) accounts from an EIAM group of Identity as a Service (IDaaS). |
| RevokeApplicationFromGroups | RevokeApplicationFromGroups | Revokes the permissions to access an application from multiple account groups at a time in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). |
| RevokeApplicationFromOrganizationalUnits | RevokeApplicationFromOrganizationalUnits | Revokes the permissions to access an application from multiple Employee Identity and Access Management (EIAM) organizations at a time. |
| RevokeApplicationFromUsers | RevokeApplicationFromUsers | Revokes the permissions to access an application from multiple Employee Identity and Access Management (EIAM) accounts at a time. |
| SetApplicationGrantScope | SetApplicationGrantScope | Configures the permissions of the Developer API feature of an Employee Identity and Access Management (EIAM) application. |
| SetApplicationProvisioningScope | SetApplicationProvisioningScope | Sets the account synchronization scope of applications in Identity as a Service (IDaaS) Employee IAM (EIAM). This scope is the same as the scope within which developers can call the DeveloperAPI to query and manage accounts. |
| SetForgetPasswordConfiguration | SetForgetPasswordConfiguration | Configures a forgot password policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| SetPasswordComplexityConfiguration | SetPasswordComplexityConfiguration | Configures a password complexity policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| SetPasswordHistoryConfiguration | SetPasswordHistoryConfiguration | Configures a password history policy for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| SetPasswordInitializationConfiguration | SetPasswordInitializationConfiguration | Sets the password initialization configurations for an Employee Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| SetUserPrimaryOrganizationalUnit | SetUserPrimaryOrganizationalUnit | Updates the primary organizational unit to which an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account belongs. This account will be removed from the previous primary organizational unit and added to the new primary organization. |
| UnlockUser | UnlockUser | Unlocks an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS) that is locked. |
| UpdateApplicationAuthorizationType | UpdateApplicationAuthorizationType | Modifies the authorization type of an Employee Identity and Access Management (EIAM) application. |
| UpdateApplicationDescription | UpdateApplicationDescription | Modifies the description of an Employee Identity and Access Management (EIAM) application. |
| UpdateApplicationSsoFormParams | UpdateApplicationSsoFormParams | Updates the SSO parameters for an application template. |
| UpdateGroup | UpdateGroup | Updates the information about an account group in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). If the information is empty, the information is not updated by default. |
| UpdateGroupDescription | UpdateGroupDescription | Updates the description of an Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM) account group. |
| UpdateInstanceDescription | UpdateInstanceDescription | Modifies the description of an Enterprise Identity and Access Management (EIAM) instance of Identity as a Service (IDaaS). |
| UpdateOrganizationalUnit | UpdateOrganizationalUnit | Updates the basic information about an Employee Identity and Access Management (EIAM) organization. The basic information about the organization is not updated by default if no parameter is specified. |
| UpdateOrganizationalUnitDescription | UpdateOrganizationalUnitDescription | Modifies the description of an Employee Identity and Access Management (EIAM) organization. |
| UpdateOrganizationalUnitParentId | UpdateOrganizationalUnitParentId | Updates the parent organization ID of an organization in Identity as a Service (IDaaS) Employee Identity and Access Management (EIAM). In this case, the organization is moved from a parent node to a new node. |
| UpdateUser | UpdateUser | Updates the basic information about an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). |
| UpdateUserPassword | UpdateUserPassword | Updates the password information of an Employee Identity and Access Management (EIAM) account of Identity as a Service (IDaaS). The password must meet the requirements of the password policies that are configured in the IDaaS console. |