All Products
Search

This Product

    Alibaba Cloud DevOps:Quick start for new region-based organizations

    Document Center

    Alibaba Cloud DevOps:Quick start for new region-based organizations

    Last Updated:Dec 17, 2025

    This topic describes how to quickly get started with new region-based organizations.

    Advantages of region-based organizations

    • Provides VPC domain names. You can associate your organization with your enterprise's VPCs and security groups. This allows Alibaba Cloud DevOps sites and code repository addresses to be accessed only from within the VPC.

    • Supports running builds and deployments (Continuous Integration/Continuous Delivery (CI/CD)) entirely within a VPC. This improves speed, enhances security, and reduces costs.

    • Supports integration with enterprise identity sources, such as DingTalk and Lark. This enables single sign-on (SSO) for more standardized account management.

    Activate Alibaba Cloud DevOps

    Before you use Alibaba Cloud DevOps for the first time, you must activate the service. After activation, the system automatically creates a pay-as-you-go order. You can then create an Alibaba Cloud DevOps organization and use its features.

    To support individual developers and startup R&D teams, Alibaba Cloud DevOps provides a free quota that includes compute resources, storage space, and user licenses. Enterprise users can also try the product at no charge within this free quota.

    When your usage exceeds the free quota, the system automatically charges you based on the standard billing rules. You can use the service flexibly as needed and upgrade to a paid plan at any time to access advanced features and more resources.

    image

    Create a region-based organization

    1. Log on to the Alibaba Cloud DevOps console using an Alibaba Cloud account or a Resource Access Management (RAM) user that has Alibaba Cloud DevOps management permissions.

      A RAM user must have the AliyunRDCFullAccess permission.

    2. In the navigation pane on the left, choose Instance Management > Standard Edition. Then, select a region at the top of the page.

      If this is your first time, click Activate Alibaba Cloud DevOps, create a service-linked role as prompted, and then click Activate Now.

    3. Click New Organization and configure the following parameters:

      For more information about purchase permissions and billing, see Billing (Region-based).

      • Region: Select the region for the organization. Currently, only China (Shanghai) is supported.

      • Organization Name: The name of the organization. You can change the name after the organization is created.

      • Organization Identity: The organization's access domain name and member account ID suffix are automatically generated based on this identity. This identity cannot be changed after the organization is created.

      • Collaboration Mode: Select Enterprise Collaboration Mode or Personal Use Mode as needed.

      • Administrator Account Password: The initial password for the root account to log on to the organization. You can change the password after the organization is created.

    4. After you complete the configuration, click Create Organization. On the instance list page, click the organization name to go to the details page. On this page, you can view the organization's basic information and the administrator's logon account. The account is a randomly generated string that is combined with the organization identity.

    5. Click Access Instance. On the logon page, enter the logon account and administrator password, and then click Log On. You can view the logon account on the instance details page:

      image

    Create organization members

    Alibaba Cloud DevOps supports two methods for adding new members: manual addition by an organization administrator or automatic synchronization from a third-party identity source.

    Method 1: Manually add members

    1. Log on to the Alibaba Cloud DevOps organization using an administrator account.

    2. Click the profile picture in the upper-right corner and select Management Backend from the drop-down menu.

    3. In the navigation pane on the left, choose Member Management. Click New User and fill in the required information, such as Name, Account ID, Initial Password, and Department, along with other optional information.

    4. Click Confirm to create the member. For more information about member management, see Member Management.

    Method 2: Synchronize from a third-party identity source

    When a user logs on to Alibaba Cloud DevOps for the first time through a configured identity source, the system automatically creates an Alibaba Cloud DevOps account for the user and adds the user to the current organization. The following identity source types are supported:

    • Alibaba Cloud RAM

    • DingTalk

    • Lark

    • SAML

    To configure an identity source, log on to the Alibaba Cloud DevOps organization and click the profile picture in the upper-right corner. Select Management Backend from the drop-down menu. In the navigation pane on the left, choose Identity Source Management. Select the type that corresponds to your enterprise's identity system and complete the configuration. For more information, see Identity Source Management.

    image

    Collaboration modes explained

    The region-based version of Alibaba Cloud DevOps offers two collaboration modes. You must choose a mode based on your team size and security compliance requirements before you create an organization.

    Mode comparison

    Feature

    Personal Use Mode

    Enterprise Collaboration Mode

    Target users

    For startup R&D teams or individual developers

    For enterprise-level R&D teams that have high requirements for R&D data security and process standardization

    Logon method

    Username and password

    Username and password or single sign-on (SSO)

    Integration with corporate identity sources

    Not supported

    Alibaba Cloud RAM, SAML, and Lark are supported.

    Other types of identity sources are under development.

    VPC access method

    Not supported

    Endpoints in virtual private clouds (VPCs) and integration with enterprise VPCs are supported.

    R&D asset backup

    Not supported

    Code repository backup is supported.

    IP address whitelist

    Not supported

    IP address whitelists are supported.

    Audit log

    Not supported

    Operation logs can be pushed to ActionTrail.

    How to choose a collaboration mode

    Important

    You do not need to pay license fees for the Personal Use Mode, and you can create a maximum of five accounts. The Enterprise Collaboration Mode provides multiple enterprise-level features, and you must pay license fees based on the number of users.

    • If you are an individual developer or a small startup team that wants to quickly try Alibaba Cloud DevOps and does not require complex security controls or enterprise integration, select the Personal Use Mode.

    • If you are on an enterprise R&D team, you need:

      • SSO with your corporate identity system

      • Access to code management and pipelines over a VPC

      • Operation audit and security compliance

      • R&D asset backup

      We recommend selecting the Enterprise Collaboration mode.

    Enable VPC access mode

    If your enterprise requires that Alibaba Cloud DevOps can be accessed only from your company's internal network or a specific VPC, you can enable the VPC access mode. After you enable this mode, you obtain a VPC domain name. This domain name can be accessed only through the associated virtual private cloud (VPC) and not from the public network. To enable the VPC access mode, perform the following steps:

    1. Log on to the Alibaba Cloud DevOps console and select the region of the organization at the top of the page.

    2. Click the name of the target organization to go to its details page, and then click the Network Configuration tab.

    3. Select Enable VPC Access Mode, click Add VPC, and configure the following parameters:

      • Select a VPC.

      • Associate a Security Group and a vSwitch.

      You must associate at least one vSwitch. You can add multiple vSwitches to ensure network availability.

    4. After the configuration is complete, click OK.

    You can now access Alibaba Cloud DevOps in one of the following two ways:

    • From any public network: Use the public endpoint.

    • From the attached VPC and its interconnected networks: Use the VPC endpoint.

    If you have high network security requirements, see Restrict public network access.

    Restrict public network access

    If you want your organization to be accessible only from a VPC and not from the public network, perform the following steps. Before you begin, make sure that you have enabled the VPC access mode.

    1. Go to the VPC console to view the egress IP address of the VPC that you configured when you enabled the VPC access mode.

    2. On the Security Settings tab of the Alibaba Cloud DevOps organization details page, enable the IP Whitelist feature.

    3. In the IP group list, find the Default group and click Edit IP Group. Delete the default 0.0.0.0/0 entry. Add the IP address that you obtained in the previous step to the IP address text box, and then click Save.

    What to do next

    • Add organization members: You can integrate with various identity sources, such as Alibaba Cloud accounts, SAML, DingTalk, and Lark. After the configuration is complete, users can log on using single sign-on (SSO) from their identity provider.

    • Create a code repository: You can create enterprise-level code repositories to centrally host project source code. You can access repositories through an enterprise-specific domain name and use permissions and branch protection policies for secure and controlled code collaboration.

    • Use an Alibaba Cloud DevOps-hosted VPC build cluster: You can perform builds and deployments within your VPC.