This topic describes how to create and manage an organization instance.
Create an organization
Log on to the Alibaba Cloud DevOps console using an Alibaba Cloud account or a Resource Access Management (RAM) user that has Alibaba Cloud DevOps management permissions.
The RAM user must have the AliyunRDCFullAccess permission.
In the navigation pane on the left, choose .
Click Create Organization and configure the following parameters:
For more information about permissions and billing, see Billing for region-specific versions.
Region: Select the region where the organization will reside.
Organization Name: The name of the organization. You can change the name after the organization is created.
Organization ID: The access domain name and the member account ID suffix of the organization are automatically generated based on the organization identifier. The identifier cannot be changed after the organization is created.
Collaboration mode: Enterprise Collaboration Mode and Personal Mode are supported. For more information about the feature differences between the modes, see Description and selection of collaboration modes.
Password: The password for the initial root account to log on to the organization. You can change this password after the organization is created.
After the organization is created, go to the instance list page and click the organization name to view the details page.
Click Go to Instance to open the organization logon page. For more information about logon, see Accounts and logon.
Description and selection of collaboration modes
The region-specific version of Alibaba Cloud DevOps provides two collaboration modes. Select a mode based on your team size and security compliance requirements before you create an organization.
Mode comparison
Feature | Personal Use Mode | Enterprise Collaboration Mode |
Target users | For startup R&D teams or individual developers | For enterprise-level R&D teams that have high requirements for R&D data security and process standardization |
Logon method | Username and password | Username and password or single sign-on (SSO) |
Integration with corporate identity sources | Not supported | Alibaba Cloud RAM, SAML, and Lark are supported. Other types of identity sources are under development. |
VPC access method | Not supported | Endpoints in virtual private clouds (VPCs) and integration with enterprise VPCs are supported. |
R&D asset backup | Not supported | Code repository backup is supported. |
IP address whitelist | Not supported | IP address whitelists are supported. |
Audit log | Not supported | Operation logs can be pushed to ActionTrail. |
How to choose a collaboration mode
You do not need to pay license fees for the Personal Use Mode, and you can create a maximum of five accounts. The Enterprise Collaboration Mode provides multiple enterprise-level features, and you must pay license fees based on the number of users.
If you are an individual developer or a small startup team that wants to quickly try Alibaba Cloud DevOps and does not require complex security controls or enterprise integration, select the Personal Use Mode.
If you are on an enterprise R&D team and need the following, we recommend selecting the Enterprise Collaboration Mode:
SSO with your corporate identity system
Access to code management and pipelines over a VPC
Operation audit and security compliance
R&D asset backup
Upgrade and downgrade collaboration modes
Upgrade from Personal Use Mode to Enterprise Collaboration Mode
Log on to the Alibaba Cloud DevOps console using an Alibaba Cloud account or a RAM user that has Alibaba Cloud DevOps management permissions.
In the navigation pane on the left, choose .
On the instance list page, click the organization name to go to the details page.
Click Upgrade collaboration mode to complete the upgrade.
Downgrade from Enterprise Collaboration Mode to Personal Use Mode
The following conditions must be met to downgrade:
The number of users in the organization must be five or fewer. You must delete any extra users.
Remove all corporate identity sources from Alibaba Cloud DevOps.
Disable the VPC access mode and disassociate all VPCs.
No other organizations that use the Personal mode can exist in the current region.
Procedure:
Log on to the Alibaba Cloud DevOps console using an Alibaba Cloud account or a RAM user that has Alibaba Cloud DevOps management permissions.
In the navigation pane on the left, choose .
On the instance list page, click the organization name to go to the details page.
Click . After you confirm that the downgrade requirements are met, select the confirmation message, and then click OK.
Manage an organization instance
After you create an organization, you can view and manage organization information, resource usage, security configurations, and network settings on the organization details page.
Organization overview
The Overview tab contains the following information:
Basic Information:
Instance Name: The name of the organization. You can change the name.
Instance ID: The unique identifier of the organization. You cannot change the ID.
Region: The region where the organization resides.
Description: The description of the organization. You can change the description.
Creation Time: The time when the organization was created. You cannot change the time.
Collaboration mode: The collaboration mode of the organization.
Instance Information:
Public Endpoint: The public endpoint for accessing the organization.
Private Endpoint: The private endpoint for accessing the organization.
Root Account Status: The ID and status of the root account. The ID is generated based on the `root_Organization identifier` format. You can disable the root account in the security settings.
IP Address Whitelist: The status of the IP address whitelist. You can configure an IP address whitelist in the security settings.
Domain Name IP
Egress IP
Service Information: Displays the status of Alibaba Cloud DevOps service orders and licenses. This feature is available only in Enterprise Collaboration Mode.
Resource usage
You can view the research and development (R&D) resource usage of the organization instance, including the following:
Code storage resources
Pipeline build resources
Resource statistics are not real-time and are typically delayed by up to an hour.
Security settings
Root account management
Enable or disable the root account.
Change the password of the root account: When the root account is enabled, you can change its password.
IP address whitelist
An IP address whitelist is used to restrict the source IP addresses that can access the organization instance to improve access security.
Enable or disable IP address whitelist control.
Manage IP addresses by group and divide IP address segments based on access scenarios.
When you enable this feature for the first time, the system automatically populates the whitelist with 0.0.0.0/0, which allows access from all IP addresses by default. Manually modify the whitelist to retain only the allowed IP addresses or CIDR blocks.
Audit log
The operation logs of an Alibaba Cloud DevOps organization are automatically delivered to ActionTrail for the Alibaba Cloud account that was used to purchase the organization. By default, you can query logs from the last 90 days.
You can perform the following operations in ActionTrail:
Store logs in Simple Log Service (SLS) or Object Storage Service (OSS).
Implement long-term retention (LTR), query analysis, and compliance audits.
Network settings
Public access mode
The public access mode is enabled by default for new organizations.
The system assigns a public endpoint to the organization. This endpoint can be accessed only over the internet.
VPC-only mode
To access Alibaba Cloud DevOps over an enterprise VPC, enable the VPC access mode:
Go to the organization details page and switch to the Network Configuration tab.
Select Enable VPC access mode.
After you enable this mode, a private endpoint is generated. This endpoint can be accessed only through the associated VPC and not over the internet.
Click Add VPC, select a VPC ID, and associate a Security Group and at least one vSwitch. You can add multiple vSwitches to ensure network availability.
Restrict public access using a VPC
To make the organization accessible only from within a VPC and not over the internet, perform the following steps:
Go to the organization details page and switch to the Network Configuration tab.
Select Enable VPC access mode.
Click Add VPC, select a VPC ID, and associate a Security Group and a vSwitch.
Go to the VPC console to find the IP address information of the VPC that you configured in the previous step.
On the Security Settings tab of the Alibaba Cloud DevOps organization details page, add the IP address that you obtained in the previous step to the whitelist.
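The following added example (not part of the original documentation or any Alibaba Cloud tooling) checks a whitelist, copied by hand from the Security Settings tab, against the goal of the procedure above: access only from the associated VPCs. The function name, finding labels, group names and sample addresses are assumptions made for illustration, and the check assumes that clients in the VPC reach the organization from addresses inside the VPC CIDR block.

```python
import ipaddress

def audit_vpc_only_whitelist(groups, vpc_cidrs):
    """Check a whitelist against the goal "reachable only from these VPCs".

    groups: {group name: [IP or CIDR strings]} as entered in Security Settings.
    vpc_cidrs: CIDR blocks of the associated VPCs, read from the VPC console.
    Returns a sorted list of (finding, group, entry) tuples.
    """
    vpcs = [ipaddress.ip_network(c) for c in vpc_cidrs]
    findings, usable = [], []
    for group, entries in groups.items():
        for entry in entries:
            try:
                net = ipaddress.ip_network(entry.strip(), strict=False)
            except ValueError:
                findings.append(("invalid", group, entry))
                continue
            if net.prefixlen == 0:
                # The auto-populated default: every source address matches.
                findings.append(("allows-all", group, entry))
                continue
            usable.append(net)
            inside = any(net.version == v.version and net.subnet_of(v) for v in vpcs)
            if not inside:
                # Entry admits sources that are not in any associated VPC.
                findings.append(("outside-vpc", group, entry))
    for vpc in vpcs:
        # Without an overlapping entry, clients in this VPC are blocked
        # as soon as the 0.0.0.0/0 default is removed.
        if not any(n.version == vpc.version and n.overlaps(vpc) for n in usable):
            findings.append(("vpc-unreachable", "-", str(vpc)))
    return sorted(findings)

# Constructed sample input: group names and addresses are illustrative only.
SAMPLE_GROUPS = {
    "default": ["0.0.0.0/0"],
    "office": ["203.0.113.10", "198.51.100.0/33"],
    "build-vswitch": ["192.168.10.0/24"],
}
SAMPLE_VPCS = ["192.168.0.0/16", "10.20.0.0/16"]

if __name__ == "__main__":
    for finding in audit_vpc_only_whitelist(SAMPLE_GROUPS, SAMPLE_VPCS):
        print(*finding, sep="\t")
```

An empty result means every entry lies inside an associated VPC and every VPC has at least one matching entry.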
Delete an organization
After you delete an organization, all its data, such as code repositories, pipelines, departments, and members, is permanently deleted. This operation cannot be undone. Proceed with caution.
Notes on deletion:
If the organization has active paid orders, it cannot be deleted.
When the organization's orders are canceled or expire, the organization instance stops running and becomes inaccessible. Only then can the organization be deleted. This deletion is irreversible.
Procedure:
Log on to the Alibaba Cloud DevOps console. In the navigation pane on the left, choose .
On the instance list page, click the organization name to go to the details page.
Click .
In the dialog box that appears, enter the organization name and click OK.
Upgrade an organization from the global version to a region-specific version
If you created an organization in the Global version of Alibaba Cloud DevOps and want to use the features of a region-specific version, such as VPC access and deployment in a VPC, you can submit a ticket to apply for an upgrade. We will perform the upgrade in the background. After the upgrade is complete, take note of the following points:
Region switching: Currently, Alibaba Cloud DevOps supports only the Singapore region. Before the upgrade, your organization is in the organization list of the Global version. After the upgrade, the organization is moved to the Singapore list. You must switch the region to Singapore in the console to view your organization.
Build cluster configuration adjustment: The build clusters for the global version and the Singapore region-specific version are different. After the organization is upgraded, you must adjust the build cluster settings for Flow and associate the build cluster with a VPC. This lets you connect to Alibaba Cloud resources, such as ECS, ACK, ACR, and OSS, over the VPC during the build and deployment process. For more information about the settings, see Build clusters.