Alibaba Cloud DevOps: Alibaba Cloud account integration

Last Updated: May 14, 2025

This topic describes how to integrate the Alibaba Cloud identity source with Alibaba Cloud DevOps to facilitate Resource Access Management (RAM) user logon.

Prerequisites

An organization is created. For more information, see Create an organization.

Configure the Alibaba Cloud identity source

Alibaba Cloud DevOps allows you to associate the Alibaba Cloud account that purchased the current organization and lets the RAM users of that account log on.

  1. Log on to the Alibaba Cloud DevOps console with the organization administrator account. For the initial logon, the root account is required. For more information about the root account password, see Create an organization.

  2. In the Alibaba Cloud DevOps console, click the profile picture in the upper right corner, and select Organization Settings from the drop-down list.

  3. On the Organization Settings page, click Identity Providers. Then, select Alibaba Cloud and click Configure to enter the configuration details page.

  4. In the Configure Oauth Application step, complete the following operations:

    1. Create an application and obtain an application credential.

      1. Use the Alibaba Cloud account that purchased the current organization to log on to the RAM console, and choose OAuth Preview > Create Application.

        On the page that appears:

        • Specify Application Name and Display Name.

        • Select Web Application for Application Type. This type represents web applications that interact with users through a browser.

        • Specify Access Token Validity and Refresh Token Validity.

          • The access token validity ranges from 900 seconds (15 minutes) to 10,800 seconds (3 hours). The default value is 3,600 seconds.

          • The refresh token validity ranges from 7,200 seconds (2 hours) to 31,536,000 seconds (1 year). The default value is 2,592,000 seconds.

        • Specify Callback Address. Note that you must enter the Logon Callback URL displayed in the Alibaba Cloud DevOps console.

        • After the preceding configurations are completed, click Create Application.

      2. Click the name of the created application on the Enterprise Applications tab to enter the application details page. On the page that appears, click Add OAuth Scope to authorize access to the aliuid and profile fields. Then, click OK.

        • aliuid: The system obtains the unique user identifier (UID) issued by Alibaba Cloud, including the UIDs of a RAM user and its Alibaba Cloud account.

        • profile: The system obtains the name of the RAM user associated with the logon user. If the logon user uses the Alibaba Cloud account for logon, the system obtains the username of the account. If the logon user uses a RAM user for logon, the system obtains the user principal name (UPN) and display name.

      3. Obtain the Application ID and AppSecretValue values.

        • Application ID: View Application ID on the Enterprise Applications tab.

        • AppSecretValue: On the application details page, click App Secrets and Create Secret to generate an AppSecretValue. To download the generated app secret, click Download SecretCopy. Note that the AppSecretValue is displayed only once. Keep it secure.

    2. Enter the obtained Application ID and AppSecretValue values.

  5. Click Next to proceed to the Enable Services step. Then, click Save to finalize the integration with the Alibaba Cloud identity source.
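
The following pre-flight check is an added example, not part of the original topic or of any Alibaba Cloud tooling. It validates a planned OAuth application against the limits and scopes listed in step 4. The dictionary keys, the sample callback URL, and the https check are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ACCESS_TOKEN_RANGE = (900, 10_800)         # seconds, as stated in this topic
REFRESH_TOKEN_RANGE = (7_200, 31_536_000)  # seconds, as stated in this topic
REQUIRED_SCOPES = {"aliuid", "profile"}    # scopes this topic asks you to add


def check_oauth_app(cfg, console_callback_url):
    """Return a list of findings; an empty list means the plan matches step 4."""
    findings = []
    if cfg.get("application_type") != "Web Application":
        findings.append("application_type must be 'Web Application'")

    for key, (low, high) in (("access_token_validity", ACCESS_TOKEN_RANGE),
                             ("refresh_token_validity", REFRESH_TOKEN_RANGE)):
        value = cfg.get(key)
        if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
            findings.append(f"{key}={value!r} is outside {low}-{high} seconds")

    # The callback must equal the console's Logon Callback URL character for
    # character; a trailing slash or a different host is a different URL.
    callback = cfg.get("callback_address", "")
    if callback != console_callback_url:
        findings.append("callback_address differs from the Logon Callback URL")
    # Added hardening check (assumption, not a requirement stated in this topic).
    if urlsplit(callback).scheme != "https":
        findings.append("callback_address is not an https URL")

    scopes = set(cfg.get("scopes", []))
    if REQUIRED_SCOPES - scopes:
        findings.append(f"missing scopes: {sorted(REQUIRED_SCOPES - scopes)}")
    if scopes - REQUIRED_SCOPES:  # least privilege: nothing beyond what logon needs
        findings.append(f"scopes beyond aliuid and profile: {sorted(scopes - REQUIRED_SCOPES)}")
    return findings


# Constructed sample values; replace with the URL shown in your own console.
CONSOLE_CALLBACK = "https://devops.example.com/login/callback"
PLANNED = {
    "application_type": "Web Application",
    "access_token_validity": 3600,
    "refresh_token_validity": 2_592_000,
    "callback_address": CONSOLE_CALLBACK,
    "scopes": ["aliuid", "profile"],
}

if __name__ == "__main__":
    print(check_oauth_app(PLANNED, CONSOLE_CALLBACK) or "plan matches step 4")
```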

Log on to Alibaba Cloud DevOps as a RAM user

  1. After configuring the Alibaba Cloud identity source, go to the Identity Providers page and switch the Logon Method to Alibaba Cloud.

  2. After the switchover is successful, you can log on to the Alibaba Cloud DevOps console as a RAM user.

    Important
    • The RAM user must belong to the same Alibaba Cloud account as the organization, and must be granted at least the AliyunRDCReadOnlyAccess permission.

    • The Alibaba Cloud account that purchased the current organization and other unauthorized RAM users are not allowed to log on.

    • Access to the current organization from the root account remains active. For more information, see Accounts and logon.

Remove the Alibaba Cloud identity source

  1. Log on to the Alibaba Cloud DevOps console with the organization administrator account, click the profile picture in the upper right corner, select Organization Settings, and then select Identity Providers.

  2. Select the linked Alibaba Cloud identity source and click View Details.

  3. Click Remove Integration in the upper right corner, and then click Remove in the message that appears.

    Important

    After the integration is removed, existing organization members are not associated, and RAM users associated with the Alibaba Cloud account that purchased the current organization are not allowed to log on to Alibaba Cloud DevOps.

Log out of Alibaba Cloud DevOps

When a RAM user or root user logs out of the Alibaba Cloud DevOps console, the user is also logged out of Alibaba Cloud.

Session duration

The session duration is determined by Alibaba Cloud DevOps. If the session duration exceeds the logon retention time of Alibaba Cloud DevOps, users are logged out of Alibaba Cloud DevOps. To continue using Alibaba Cloud DevOps, they must log on again.