All Products
Search

This Product

    Alibaba Cloud DevOps:Create and manage organizations

    Document Center

    Alibaba Cloud DevOps:Create and manage organizations

    Last Updated:Jan 12, 2026

    Learn how to create an organization and manage its instances.

    Create an organization

    1. Log on to the Alibaba Cloud DevOps console with an Alibaba Cloud account or a Resource Access Management (RAM) user that has administrative permissions for Alibaba Cloud DevOps.

      The RAM user must have the AliyunRDCFullAccess permission.

    2. In the navigation pane on the left, choose Instances > Standard.

    3. Click Create Organization and configure the following parameters:

      For more information about user licenses and billing, see Billing rules for Alibaba Cloud DevOps (Region-based).

      • Region: Select the region where the organization is located.

      • Organization name: The name of the organization. You can change this after creation.

      • Organization ID: A unique identifier used to generate the organization's access endpoint and member account ID suffix. You cannot change this after creation.

      • Collaboration mode: Choose between Enterprise Collaboration Mode and Personal Mode. For more information about their differences, see Collaboration mode overview and selection.

      • Password: The initial password for the root account to log on to the organization. You can change this after creation.

    4. After creating the organization, go to the instance list page and click the organization name to open the organization details page.

    5. Click Go to Instance to open the organization's logon page. For more information about logon, see Accounts and logon.

    Collaboration mode overview and selection

    Alibaba Cloud DevOps Region edition offers two collaboration modes. We recommend you choose one based on your team size and security compliance requirements before creating an organization.

    Mode comparison

    Feature

    Personal Mode

    Enterprise Collaboration Mode

    Target users

    Designed for startup teams or individual developers.

    Designed for enterprise R&D teams that require strong data security and standardized development processes.

    Logon method

    Username and password.

    Username and password, or Single Sign-On (SSO).

    Integration with corporate identity providers

    Not supported.

    Supports Alibaba Cloud RAM, SAML, and Feishu. Integrations with other identity providers are under development.

    Virtual Private Cloud (VPC) access

    Not supported.

    Supports private endpoints and integration with your enterprise VPC.

    Development asset backup

    Not supported.

    Supports code repository backups.

    IP address whitelist

    Not supported.

    Supports configuring an IP address whitelist.

    Audit log

    Not supported.

    Supports pushing operation logs to ActionTrail.

    How to choose a collaboration mode

    Important

    Personal Mode includes free user licenses and lets you create a maximum of five accounts. Enterprise Collaboration Mode unlocks many enterprise-grade features and requires payment for user licenses based on the actual number of users.

    • If you are an individual developer or part of a small startup team that wants to quickly get started with Alibaba Cloud DevOps without complex security controls and enterprise integrations, choose the Personal Mode.

    • If you are an enterprise R&D team that requires:

      • Unified logon with a corporate identity system (SSO)

      • VPC access for code management and pipelines

      • Operation auditing and security compliance

      • Development asset backup

      We recommend you select the Enterprise Collaboration Mode.

    Upgrade and downgrade collaboration modes

    Upgrade from Personal Mode to Enterprise Collaboration Mode

    1. Log on to the Alibaba Cloud DevOps console with an Alibaba Cloud account or a RAM user that has administrative permissions for Alibaba Cloud DevOps.

    2. In the navigation pane on the left, choose Instances > Standard.

    3. On the instance list page, click the organization name to open the organization details page.

    4. Click Upgrade collaboration mode to complete the upgrade.

    Downgrade from Enterprise Collaboration Mode to Personal Mode

    To downgrade, you must meet the following conditions:

    1. The number of users in the organization must be reduced to five or fewer. Delete any extra users.

    2. Remove all corporate identity provider integrations from Alibaba Cloud DevOps.

    3. Disable the VPC access mode and remove all associated VPCs.

    4. There must be no other organization in the current region using the Personal Mode.

    Procedure:

    1. Log on to the Alibaba Cloud DevOps console with an Alibaba Cloud account or a RAM user that has administrative permissions for Alibaba Cloud DevOps.

    2. In the navigation pane on the left, choose Instances > Standard.

    3. On the instance list page, click the organization name to open the organization details page.

    4. Click More > Downgrade collaboration mode. After confirming that you meet the downgrade requirements, check the confirmation box and click OK.

    Manage an organization instance

    After you create an organization, you can view and manage its information, resource usage, security configurations, and network settings on the organization details page.

    Organization overview

    The Overview tab contains the following information:

    • Basic Information:

      • Instance Name: The name of the organization. This can be changed.

      • Instance ID: The unique ID of the organization. You cannot change this.

      • Region: The region where the organization is located.

      • Description: A description of the organization. This can be changed.

      • Creation Time: The time the organization was created. You cannot change this.

      • Collaboration mode: The collaboration mode of the organization.

    • Instance Information:

      • Public Endpoint: The public access endpoint of the organization.

      • Private Endpoint: The private access endpoint of the organization.

      • Root Account Status: The ID of the root account (generated as root_<Organization ID>) and its status. You can disable the root account in the security settings.

      • IP Address Whitelist: The status of the IP address whitelist. You can configure the whitelist in the security settings.

      • Domain Name IP

      • Egress IP

    • Service Information: View DevOps service orders and license status. (Available only in Enterprise Collaboration Mode).

    Resource usage

    View the resource usage of the current organization instance, including:

    • Code storage resources

    • Pipeline execution resources

    Note

    Resource usage statistics are not real-time and are typically delayed by an hour.

    Security settings

    Root account management

    • Enable or disable the root account.

    • Change the password of the root account. You can change the password when the root account is enabled.

    IP address whitelist

    The IP address whitelist restricts access to your organization instance from specific source IPs for enhanced security.

    • You can enable or disable the IP address whitelist.

    • It supports group management to define IP ranges for different access scenarios.

    • When you first enable it, the system automatically populates the whitelist with 0.0.0.0/0, which allows access from all IP addresses by default.

    • You can manually edit the whitelist to include only the IP addresses or CIDR blocks that you want to allow.

    Audit log

    Operation logs for your Alibaba Cloud DevOps organization are automatically delivered to the Alibaba Cloud ActionTrail service in the purchaser's Alibaba Cloud account. By default, you can query the last 90 days of logs.

    In ActionTrail, you can configure the following:

    • Store logs in Simple Log Service (SLS) or Object Storage Service (OSS).

    • Implement long-term retention, query, analysis, and compliance auditing.

    Network settings

    Public access mode

    • By default, new organizations have public access enabled.

    • The system assigns a public endpoint to the organization, which you can only access over the internet.

    VPC access mode

    If you need to access Alibaba Cloud DevOps through your enterprise VPC, follow these steps to enable the VPC access mode:

    1. Go to the organization details page and switch to the Network Configuration tab.

    2. Select Enable VPC access mode.

    3. After you enable this mode, a private endpoint is assigned to your organization. You cannot access this endpoint from the public internet and can only reach it from an associated VPC.

    4. Click Add VPC, select a VPC ID, and associate a security group and at least one vSwitch. You can add multiple vSwitches to ensure network availability.

    Restrict public access by using a VPC

    To make your organization accessible only from within a VPC and not from the public internet, follow these steps:

    1. Go to the organization details page and switch to the Network Configuration tab.

    2. Select Enable VPC access mode.

    3. Click Add VPC, select a VPC ID, and associate a security group and a vSwitch.

    4. Go to the VPC console to find the IP address information for the VPC you configured in step 3.

    5. On the Security Settings tab of the Alibaba Cloud DevOps organization details page, add the IP address you obtained in the previous step to the IP address whitelist.

    Delete an organization

    Important

    Deleting an organization permanently erases all its data, including all code repositories, pipelines, departments, and members. This action is irreversible. Please proceed with caution.

    Prerequisites for deletion:

    • You cannot delete an organization if it has active, paid subscriptions.

    • You can only delete an organization after its subscriptions have been cancelled or have expired, at which point the instance is stopped and inaccessible.

    Procedure:

    1. Log on to the Alibaba Cloud DevOps console. In the navigation pane on the left, choose Instances > Standard.

    2. On the instance list page, click the organization name to open the organization details page.

    3. Click More > Delete.

    4. In the dialog box that appears, enter the organization name and click OK.

    Upgrade an organization from the Global edition to a region-specific edition

    If you have an organization in the Alibaba Cloud DevOps global edition and want to use region-specific features such as VPC access and private network builds, you can submit a ticket to request an upgrade. After our team performs the upgrade, please note the following changes:

    1. Region switching: Currently, Alibaba Cloud DevOps supports only the Singapore region for this upgrade. Before the upgrade, your organization is listed under "Global". After the upgrade, your organization will be listed under the Singapore region. You must switch the region to Singapore in the console to see your organization.

    2. Build cluster configuration adjustments: The Global and Singapore region-specific editions use different build clusters. After the upgrade, you must update your pipeline's build cluster settings to associate the build cluster with your VPC. This allows your build and deployment processes to connect to Alibaba Cloud resources, such as Elastic Compute Service (ECS), Container Service for Kubernetes (ACK), Container Registry (ACR), and OSS through the VPC. For more information, see Build clusters.