'1.0', 'info' => ['style' => 'RPC', 'product' => 'cloudsso', 'version' => '2021-05-15'], 'directories' => [ [ 'children' => ['EnableService', 'DisableService', 'GetServiceStatus'], 'type' => 'directory', 'title' => 'Manage cloudSSO', ], [ 'children' => ['UpdateUserStatus', 'DeleteMFADeviceForUser', 'UpdateUserMFAAuthenticationSettings', 'GetUserId'], 'type' => 'directory', 'title' => 'Manage users', ], [ 'children' => ['AddUserToGroup'], 'type' => 'directory', 'title' => 'Manage user groups', ], [ 'children' => ['CreateSCIMServerCredential', 'UpdateSCIMServerCredentialStatus', 'DeleteSCIMServerCredential'], 'type' => 'directory', 'title' => 'Manage SCIM synchronization', ], [ 'children' => ['CreateAccessConfiguration', 'ListAccessConfigurations', 'GetAccessConfiguration', 'UpdateAccessConfiguration', 'DeleteAccessConfiguration', 'AddPermissionPolicyToAccessConfiguration', 'RemovePermissionPolicyFromAccessConfiguration', 'UpdateInlinePolicyForAccessConfiguration'], 'type' => 'directory', 'title' => 'Manage access configurations', ], [ 'children' => ['ProvisionAccessConfiguration', 'DeprovisionAccessConfiguration', 'ListAccessConfigurationProvisionings', 'CreateAccessAssignment', 'ListAccessAssignments', 'DeleteAccessAssignment'], 'type' => 'directory', 'title' => 'Manage multi-account authorization', ], [ 'children' => ['CreateUserProvisioning', 'ListUserProvisionings', 'UpdateUserProvisioning', 'DeleteUserProvisioning', 'ListUserProvisioningEvents'], 'type' => 'directory', 'title' => 'Manage RAM user synchronization', ], [ 'children' => [ 'AddExternalSAMLIdPCertificate', 'ClearExternalSAMLIdentityProvider', 'CreateDirectory', 'CreateGroup', 'CreateUser', 'DeleteDirectory', 'DeleteGroup', 'DeleteUser', 'DeleteUserProvisioningEvent', 'DisableDelegateAccount', 'EnableDelegateAccount', 'GetDirectory', 'GetDirectorySAMLServiceProviderInfo', 'GetDirectoryStatistics', 'GetExternalSAMLIdentityProvider', 'GetGroup', 'GetLoginPreference', 'GetMFAAuthenticationSettingInfo', 'GetMFAAuthenticationSettings', 'GetMFAAuthenticationStatus', 'GetPasswordPolicy', 'GetSCIMSynchronizationStatus', 'GetTask', 'GetTaskStatus', 'GetUser', 'GetUserMFAAuthenticationSettings', 'GetUserProvisioning', 'GetUserProvisioningConfiguration', 'GetUserProvisioningEvent', 'GetUserProvisioningRdAccountStatistics', 'GetUserProvisioningStatistics', 'ListDirectories', 'ListExternalSAMLIdPCertificates', 'ListGroupMembers', 'ListGroups', 'ListJoinedGroupsForUser', 'ListMFADevicesForUser', 'ListPermissionPoliciesInAccessConfiguration', 'ListSCIMServerCredentials', 'ListTasks', 'ListUsers', 'RemoveExternalSAMLIdPCertificate', 'RemoveUserFromGroup', 'ResetUserPassword', 'RetryUserProvisioningEvent', 'SetExternalSAMLIdentityProvider', 'SetLoginPreference', 'SetMFAAuthenticationStatus', 'SetPasswordPolicy', 'SetSCIMSynchronizationStatus', 'UpdateDirectory', 'UpdateGroup', 'UpdateMFAAuthenticationSettings', 'UpdateUser', 'UpdateUserProvisioningConfiguration', ], 'title' => 'Others', 'type' => 'directory', ], ], 'components' => [ 'schemas' => [], ], 'apis' => [ 'AddExternalSAMLIdPCertificate' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'X509Certificate', 'in' => 'query', 'schema' => ['description' => 'The X.509 certificate in the PEM format.'."\n" ."\n" .'The certificate is provided by the SAML identity provider (IdP).'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'MIIC8DCCAdigAwIBAgIQP9eomUYGeoND****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '12B3E332-DD16-515B-B695-39BA233AA172', 'title' => ''], 'CertificateId' => ['description' => 'The ID of the SAML signing certificate.'."\n", 'type' => 'string', 'example' => 'idp-c-00wk2fb4foracls0****', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"12B3E332-DD16-515B-B695-39BA233AA172\\",\\n \\"CertificateId\\": \\"idp-c-00wk2fb4foracls0****\\"\\n}","errorExample":""},{"type":"xml","example":"\\n 12B3E332-DD16-515B-B695-39BA233AA172\\n idp-c-00wk2fb4foracls0****\\n","errorExample":""}]', 'title' => 'AddExternalSAMLIdPCertificate', 'summary' => 'Adds a Security Assertion Markup Language (SAML) signing certificate.', 'description' => 'You can add up to two SAML signing certificates.'."\n" ."\n" .'This topic provides an example on how to add a SAML signing certificate to the directory `d-00fc2p61****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:AddExternalSAMLIdPCertificate', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'AddPermissionPolicyToAccessConfiguration' => [ 'summary' => 'Adds a policy to an access configuration.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'PermissionPolicyType', 'in' => 'query', 'schema' => ['description' => 'The type of the policy. Valid values:'."\n" ."\n" .'- System: system policy. Resource Access Management (RAM) system policies are reused.'."\n" ."\n" .'- Inline: inline policy. Inline policies are created based on the RAM policy syntax and structure.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'System', 'title' => ''], ], [ 'name' => 'PermissionPolicyName', 'in' => 'query', 'schema' => ['description' => 'The name of the policy.'."\n" ."\n" .'- If you set `PermissionPolicyType` to `System`, you must set PermissionPolicyName to the name of a system policy. You can obtain the name of the system policy from RAM.'."\n" ."\n" .'- If you set `PermissionPolicyType` to `Inline`, you must set PermissionPolicyName to the name of an inline policy. A custom value is supported. The value can be up to 32 characters in length.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'AliyunECSFullAccess', 'title' => ''], ], [ 'name' => 'InlinePolicyDocument', 'in' => 'query', 'schema' => ['description' => 'The configurations of the inline policy.'."\n" ."\n" .'The value can be up to 4,096 characters in length.'."\n" ."\n" .'If you set `PermissionPolicyType` to `Inline`, you must specify this parameter. For more information about the syntax and structure of RAM policies, see [Policy syntax and structure](~~93739~~).', 'type' => 'string', 'required' => false, 'example' => '{"Statement": [{"Action": "*","Effect": "Allow","Resource": "*"}],"Version": "1"}', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'B7C6E839-FB65-59BE-B753-003AA8AF7DF7', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'AddPermissionPolicyToAccessConfiguration', 'description' => 'This topic provides an example on how to add the system policy `AliyunECSFullAccess` to the access configuration `ac-00jhtfl8thteu6uj****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'AddPermissionPolicyToAccessConfiguration'], ], ], 'ramActions' => [ [ 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:AddPermissionPolicyToAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"B7C6E839-FB65-59BE-B753-003AA8AF7DF7\\"\\n}","type":"json"}]', ], 'AddUserToGroup' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'GroupId', 'in' => 'query', 'schema' => ['description' => 'The ID of the group.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'F76AF4FC-25E4-5CF1-B7CB-74F3CB72F0F0', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'AddUserToGroup', 'summary' => 'Adds a user to a group.', 'description' => 'If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot add a user to a group that is synchronized by using SCIM.'."\n" ."\n" .'This topic provides an example on how to add the user `u-00q8wbq42wiltcrk****` to the group `g-00jqzghi2n3o5hkh****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'AddUserToGroup'], ], ], 'ramActions' => [ [ 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:AddUserToGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"F76AF4FC-25E4-5CF1-B7CB-74F3CB72F0F0\\"\\n}","type":"json"}]', ], 'ClearExternalSAMLIdentityProvider' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '96D1E5FF-0301-5636-8D33-071E033CFB82', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"96D1E5FF-0301-5636-8D33-071E033CFB82\\"\\n}","errorExample":""},{"type":"xml","example":"\\n 96D1E5FF-0301-5636-8D33-071E033CFB82\\n","errorExample":""}]', 'title' => 'ClearExternalSAMLIdentityProvider', 'summary' => 'Clears the configurations of a Security Assertion Markup Language (SAML) identity provider (IdP).', 'description' => 'If single sign-on (SSO) logon is disabled, you can clear the configurations of a SAML IdP. If SSO logon is enabled, you cannot clear the configurations.'."\n" ."\n" .'This topic provides an example on how to clear the configurations of the SAML IdP within the directory `d-00fc2p61****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:ClearExternalSAMLIdentityProvider', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'CreateAccessAssignment' => [ 'summary' => 'Assigns access permissions on an account in your resource directory to a user or a group by using an access configuration.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'TargetType', 'in' => 'query', 'schema' => ['description' => 'The type of the task object. Set the value to RD-Account, which specifies the accounts in the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'RD-Account', 'title' => ''], ], [ 'name' => 'TargetId', 'in' => 'query', 'schema' => ['description' => 'The ID of the task object.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => '114240524784****', 'title' => ''], ], [ 'name' => 'PrincipalType', 'in' => 'query', 'schema' => ['description' => 'The type of the CloudSSO identity. Valid values:'."\n" ."\n" .'- User'."\n" ."\n" .'- Group', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'User', 'title' => ''], ], [ 'name' => 'PrincipalId', 'in' => 'query', 'schema' => ['description' => 'The ID of the CloudSSO identity.'."\n" ."\n" .'- If you set `PrincipalType` to `User`, set `PrincipalId` to the ID of the CloudSSO user.'."\n" ."\n" .'- If you set `PrincipalType` to `Group`, set `PrincipalId` to the ID of the CloudSSO group.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.', 'type' => 'object', 'properties' => [ 'Task' => [ 'description' => 'The queried task.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The task status. Valid values:'."\n" ."\n" .'- InProgress: The task is running.'."\n" ."\n" .'- Success: The task is successful.'."\n" ."\n" .'- Failed: The task failed.', 'type' => 'string', 'example' => 'InProgress', 'title' => ''], 'TaskId' => ['description' => 'The ID of the job.', 'type' => 'string', 'example' => 't-sh6tceylhvgejpip****', 'title' => ''], 'PrincipalId' => ['description' => 'The ID of the CloudSSO identity.', 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'TargetPath' => ['description' => 'The path ID of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/r-Wm****/114240524784****', 'title' => ''], 'PrincipalName' => ['description' => 'The name of the CloudSSO identity.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'TargetName' => ['description' => 'The name of the task object.', 'type' => 'string', 'example' => 'dev-test', 'title' => ''], 'TargetId' => ['description' => 'The ID of the task object.', 'type' => 'string', 'example' => '114240524784****', 'title' => ''], 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'ECS-Admin', 'title' => ''], 'TargetPathName' => ['description' => 'The path name of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/root/dev-test', 'title' => ''], 'TaskType' => ['description' => 'The task type. The value is fixed as CreateAccessAssignment, which indicates that access permissions on an account in your resource directory are assigned.', 'type' => 'string', 'example' => 'CreateAccessAssignment', 'title' => ''], 'TargetType' => ['description' => 'The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], 'PrincipalType' => ['description' => 'The type of the CloudSSO identity. Valid values:'."\n" ."\n" .'- User'."\n" ."\n" .'- Group', 'type' => 'string', 'example' => 'User', 'title' => ''], ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '4726AA56-E138-5C99-85E4-F493536D042F', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'CreateAccessAssignment', 'description' => 'When you call this operation, an asynchronous task is created. You can call the [GetTask](~~340670~~) operation to query the progress of the task based on the value of the `TaskId` response parameter.'."\n" ."\n" .'For more information about how to assign permissions on an account in your resource directory, see [Overview of multi-account authorization](~~266726~~).'."\n" ."\n" .'This topic provides an example on how to assign access permissions on the account `114240524784****` in your resource directory to the CloudSSO user `u-00q8wbq42wiltcrk****` by using the access configuration `ac-00jhtfl8thteu6uj****`. After the call is successful, the CloudSSO user can access resources within the account in the resource directory.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateAccessAssignment'], ], ], 'ramActions' => [ [ 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateAccessAssignment', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/{#AccountId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Task\\": {\\n \\"Status\\": \\"InProgress\\",\\n \\"TaskId\\": \\"t-sh6tceylhvgejpip****\\",\\n \\"PrincipalId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"TargetPath\\": \\"rd-3G****/r-Wm****/114240524784****\\",\\n \\"PrincipalName\\": \\"Alice\\",\\n \\"TargetName\\": \\"dev-test\\",\\n \\"TargetId\\": \\"114240524784****\\",\\n \\"AccessConfigurationName\\": \\"ECS-Admin\\",\\n \\"TargetPathName\\": \\"rd-3G****/root/dev-test\\",\\n \\"TaskType\\": \\"CreateAccessAssignment\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"AccessConfigurationId\\": \\"ac-00jhtfl8thteu6uj****\\",\\n \\"PrincipalType\\": \\"User\\"\\n },\\n \\"RequestId\\": \\"4726AA56-E138-5C99-85E4-F493536D042F\\"\\n}","type":"json"}]', ], 'CreateAccessConfiguration' => [ 'summary' => 'Creates an access configuration.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationName', 'in' => 'query', 'schema' => ['description' => 'The name of the access configuration.'."\n" ."\n" .'The name can contain letters, digits, and hyphens (-).'."\n" ."\n" .'The name can be up to 32 characters in length.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ECS-Admin', 'title' => ''], ], [ 'name' => 'Description', 'in' => 'query', 'schema' => ['description' => 'The description of the access configuration.'."\n" ."\n" .'The description can be up to 1,024 characters in length.', 'type' => 'string', 'required' => false, 'example' => 'This is an access configuration.', 'title' => ''], ], [ 'name' => 'SessionDuration', 'in' => 'query', 'schema' => ['description' => 'The duration of the logon session.'."\n" ."\n" .'When a Cloud SSO user uses the access configuration to access a member in your resource directory, the session can be active for a maximum of this duration.'."\n" ."\n" .'Unit: seconds.'."\n" ."\n" .'Valid values: 900 to 43200 (15 minutes to 12 hours).'."\n" ."\n" .'Default value: 3600 (1 hour).', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '3600', 'title' => ''], ], [ 'name' => 'RelayState', 'in' => 'query', 'schema' => ['description' => 'The initial access page.'."\n" ."\n" .'When a Cloud SSO user uses the access configuration to access a member in your resource directory, the user is redirected to this page.'."\n" ."\n" .'The page must be a page of the Alibaba Cloud Management Console. By default, this parameter is empty, which indicates that the user is redirected to the homepage of the Alibaba Cloud Management Console.', 'type' => 'string', 'required' => false, 'example' => 'https://cloudsso.console.aliyun.com', 'title' => ''], ], [ 'name' => 'Tags', 'in' => 'query', 'style' => 'repeatList', 'schema' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Value' => ['description' => 'The tag value.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => ''], 'Key' => ['description' => 'The tag key.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => ''], ], 'required' => false, 'description' => 'The tag.', 'title' => '', 'example' => '', ], 'required' => false, 'maxItems' => 21, 'description' => 'The tags.', 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'A3A41736-A050-50B6-ABC5-590F376A0044', 'title' => ''], 'AccessConfiguration' => [ 'description' => 'The information about the access configuration.', 'type' => 'object', 'properties' => [ 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'ECS-Admin', 'title' => ''], 'SessionDuration' => ['description' => 'The duration of the logon session.'."\n" ."\n" .'When a Cloud SSO user uses the access configuration to access a member in your resource directory, the session can be active for a maximum of this duration.'."\n" ."\n" .'Unit: seconds.', 'type' => 'integer', 'format' => 'int32', 'example' => '3600', 'title' => ''], 'Description' => ['description' => 'The description of the access configuration.', 'type' => 'string', 'example' => 'This is an access configuration.', 'title' => ''], 'RelayState' => ['description' => 'The initial access page.'."\n" ."\n" .'When a Cloud SSO user uses the access configuration to access a member in your resource directory, the user is redirected to this page.', 'type' => 'string', 'example' => 'https://cloudsso.console.aliyun.com', 'title' => ''], 'CreateTime' => ['description' => 'The time when the access configuration was created. The time is displayed in UTC. The time follows the ISO 8601 standard in the `YYYY-MM-DDThh:mm:ssZ` format.', 'type' => 'string', 'example' => '2021-11-02T08:44:23Z', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the access configuration was last modified. The time is displayed in UTC. The time follows the ISO 8601 standard in the `YYYY-MM-DDThh:mm:ssZ` format.', 'type' => 'string', 'example' => '2021-11-02T08:44:23Z', 'title' => ''], 'StatusNotifications' => [ 'description' => 'The status notifications.', 'type' => 'array', 'items' => ['description' => 'The status notification. Valid values:'."\n" ."\n" .'- Empty: No status notification exists.'."\n" ."\n" .'- **ReprovisionRequired**: The access configuration needs to be redeployed.', 'type' => 'string', 'example' => 'ReprovisionRequired', 'title' => ''], 'title' => '', 'example' => '', ], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], 'Tags' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Value' => ['description' => 'The tag value.', 'type' => 'string', 'title' => '', 'example' => ''], 'Key' => ['description' => 'The tag key.', 'type' => 'string', 'title' => '', 'example' => ''], ], 'description' => 'The tag.', 'title' => '', 'example' => '', ], 'description' => 'The tags.', 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'CreateAccessConfiguration', 'description' => 'For more information about access configurations, see [Access configuration overview](~~266737~~).'."\n" ."\n" .'This topic provides an example of how to create an access configuration named `ECS-Admin`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateAccessConfiguration'], ], ], 'ramActions' => [ [ 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/*'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"A3A41736-A050-50B6-ABC5-590F376A0044\\",\\n \\"AccessConfiguration\\": {\\n \\"AccessConfigurationName\\": \\"ECS-Admin\\",\\n \\"SessionDuration\\": 3600,\\n \\"Description\\": \\"This is an access configuration.\\",\\n \\"RelayState\\": \\"https://cloudsso.console.aliyun.com\\",\\n \\"CreateTime\\": \\"2021-11-02T08:44:23Z\\",\\n \\"UpdateTime\\": \\"2021-11-02T08:44:23Z\\",\\n \\"StatusNotifications\\": [\\n \\"ReprovisionRequired\\"\\n ],\\n \\"AccessConfigurationId\\": \\"ac-00jhtfl8thteu6uj****\\",\\n \\"Tags\\": [\\n {\\n \\"Value\\": \\"\\",\\n \\"Key\\": \\"\\"\\n }\\n ]\\n }\\n}","type":"json"}]', ], 'CreateDirectory' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryName', 'in' => 'query', 'schema' => ['description' => 'The name of the directory. The name must be globally unique.'."\n" ."\n" .'The name can contain lowercase letters, digits, and hyphens (-). The name cannot start or end with a hyphen (-) and cannot contain two consecutive hyphens (-). The name cannot start with `d-`.'."\n" ."\n" .'The name must be 2 to 64 characters in length.'."\n" ."\n" .'> If you do not specify this parameter, the value of this parameter is automatically generated by the system.'."\n", 'type' => 'string', 'required' => false, 'example' => 'example', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'ADADC31D-90EE-5459-99B0-D83DF07769A3', 'title' => ''], 'Directory' => [ 'description' => 'The information about the directory.'."\n", 'type' => 'object', 'properties' => [ 'DirectoryId' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'CreateTime' => ['description' => 'The time when the directory was created. The time is displayed in UTC.'."\n", 'type' => 'string', 'example' => '2021-10-10T04:04:04Z', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the directory was modified. The time is displayed in UTC.'."\n", 'type' => 'string', 'example' => '2021-10-10T04:04:04Z', 'title' => ''], 'Region' => ['description' => 'The region ID of the directory.'."\n", 'type' => 'string', 'example' => 'cn-shanghai', 'title' => ''], 'DirectoryName' => ['description' => 'The name of the directory.'."\n", 'type' => 'string', 'example' => 'example', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"ADADC31D-90EE-5459-99B0-D83DF07769A3\\",\\n \\"Directory\\": {\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"CreateTime\\": \\"2021-10-10T04:04:04Z\\",\\n \\"UpdateTime\\": \\"2021-10-10T04:04:04Z\\",\\n \\"Region\\": \\"cn-shanghai\\",\\n \\"DirectoryName\\": \\"example\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n ADADC31D-90EE-5459-99B0-D83DF07769A3\\n \\n d-00fc2p61****\\n 2021-10-10T04:04:04Z\\n 2021-10-10T04:04:04Z\\n cn-shanghai\\n example\\n \\n","errorExample":""}]', 'title' => 'CreateDirectory', 'summary' => 'Creates a directory.', 'description' => '### [](#)Operation description'."\n" ."\n" .'A directory is a CloudSSO instance. Before you can use CloudSSO, you must create a directory. The directory is used to manage all CloudSSO resources.'."\n" ."\n" .'To create a directory, you must select a region. Alibaba Cloud stores data in the directory only in the region that you select. However, you can deploy Alibaba Cloud resources including Elastic Compute Service (ECS) instances and ApsaraDB RDS instances in other regions. You can also use your cloud account for logons and access the Alibaba Cloud resources in other regions. You can select a region to create a directory based on your security compliance requirements and the geographic location of specific users. If you do not have strict security compliance requirements, we recommend that you select a region that is the closest to the geographical location of the specific users. This way, access to cloud resources is accelerated. You can create the CloudSSO directory in the China (Shanghai), China (Hong Kong), US (Silicon Valley), or Germany (Frankfurt) region.'."\n" ."\n" .'This topic provides an example on how to create a directory named `example` in the China (Shanghai) region.'."\n" ."\n" .'### [](#)Limits'."\n" ."\n" .'* You can create only one directory for a management account.'."\n" .'* If you want to change the region of a directory, you must delete the directory and then create a directory in a different region.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateDirectory', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/*'], ], ], 'additionalActions' => [ ['action' => 'ram:CreateServiceLinkedRole', 'validationType' => 'always'], ], ], ], ], 'CreateGroup' => [ 'summary' => 'Creates a group.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'GroupName', 'in' => 'query', 'schema' => ['description' => 'The name of the group.'."\n" ."\n" .'The name can contain letters, digits, underscores (\\_), hyphens (-), and periods (.).\\`\\`'."\n" ."\n" .'The name can be up to 128 characters in length.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'TestGroup', 'title' => ''], ], [ 'name' => 'Description', 'in' => 'query', 'schema' => ['description' => 'The description of the group.'."\n" ."\n" .'The description can be up to 1,024 characters in length.', 'type' => 'string', 'required' => false, 'example' => 'This is a group.', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'Group' => [ 'description' => 'The information about the group.', 'type' => 'object', 'properties' => [ 'GroupName' => ['description' => 'The name of the group.', 'type' => 'string', 'example' => 'TestGroup', 'title' => ''], 'Description' => ['description' => 'The description of the group.', 'type' => 'string', 'example' => 'This is a group.', 'title' => ''], 'CreateTime' => ['description' => 'The time when the group was created.', 'type' => 'string', 'example' => '2021-11-01T02:38:27Z', 'title' => ''], 'ProvisionType' => ['description' => 'The type of the group. The value is fixed as Manual, which indicates that the group is manually created.', 'type' => 'string', 'example' => 'Manual', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the information about the group was modified.', 'type' => 'string', 'example' => '2021-11-01T02:38:27Z', 'title' => ''], 'GroupId' => ['description' => 'The ID of the group.', 'type' => 'string', 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '20E9650E-EC23-593E-933F-EA0D280D040C', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'CreateGroup', 'description' => 'This topic provides an example on how to create a group named `TestGroup`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateGroup'], ], ], 'ramActions' => [ [ 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/*'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Group\\": {\\n \\"GroupName\\": \\"TestGroup\\",\\n \\"Description\\": \\"This is a group.\\",\\n \\"CreateTime\\": \\"2021-11-01T02:38:27Z\\",\\n \\"ProvisionType\\": \\"Manual\\",\\n \\"UpdateTime\\": \\"2021-11-01T02:38:27Z\\",\\n \\"GroupId\\": \\"g-00jqzghi2n3o5hkh****\\"\\n },\\n \\"RequestId\\": \\"20E9650E-EC23-593E-933F-EA0D280D040C\\"\\n}","type":"json"}]', ], 'CreateSCIMServerCredential' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'create', 'riskType' => 'high', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '2D2E5180-7ACF-57FF-A56C-26A49ABEBFF7', 'title' => ''], 'SCIMServerCredential' => [ 'description' => 'The information about the SCIM credential.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the SCIM credential. The value is fixed as Enabled, which indicates that the SCIM credential is enabled.', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the directory.', 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'CredentialId' => ['description' => 'The ID of the SCIM credential.', 'type' => 'string', 'example' => 'scimcred-004whl0kvfwcypbi****', 'title' => ''], 'CreateTime' => ['description' => 'The time when the SCIM credential was created.', 'type' => 'string', 'example' => '2021-11-09T08:12:52Z', 'title' => ''], 'CredentialType' => ['description' => 'The type of the SCIM credential.', 'type' => 'string', 'example' => 'BearerToken', 'title' => ''], 'ExpireTime' => ['description' => 'The time when the SCIM credential expires.', 'type' => 'string', 'example' => '2022-11-09T08:12:52Z', 'title' => ''], 'CredentialSecret' => ['description' => 'The SCIM credential.'."\n" ."\n" .'> The SCIM credential is returned only when it is created. After the SCIM credential is created, you cannot query it. Keep the SCIM credential confidential.', 'type' => 'string', 'example' => '8aAJCtpbyPJ8saXeYDgyw****', 'title' => ''], ], 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'CreateSCIMServerCredential', 'summary' => 'Creates a System for Cross-domain Identity Management (SCIM) credential.', 'description' => 'SCIM credentials are required for SCIM synchronization. You can create up to two SCIM credentials.'."\n" ."\n" .'This topic provides an example on how to create a SCIM credential within the directory `d-00fc2p61****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateSCIMServerCredential'], ], ], 'ramActions' => [ [ 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateSCIMServerCredential', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'SCIMServerCredential', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/scim-credential/*'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"2D2E5180-7ACF-57FF-A56C-26A49ABEBFF7\\",\\n \\"SCIMServerCredential\\": {\\n \\"Status\\": \\"Enabled\\",\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"CredentialId\\": \\"scimcred-004whl0kvfwcypbi****\\",\\n \\"CreateTime\\": \\"2021-11-09T08:12:52Z\\",\\n \\"CredentialType\\": \\"BearerToken\\",\\n \\"ExpireTime\\": \\"2022-11-09T08:12:52Z\\",\\n \\"CredentialSecret\\": \\"8aAJCtpbyPJ8saXeYDgyw****\\"\\n }\\n}","type":"json"}]', ], 'CreateUser' => [ 'summary' => 'Creates a user.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the CloudSSO directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'UserName', 'in' => 'query', 'schema' => ['description' => 'The username. The username must be unique within the directory and cannot be modified.'."\n" ."\n" .'The username can contain digits, letters, and the following special characters: `@_-.`.'."\n" ."\n" .'The username can be up to 64 characters in length.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'Alice', 'title' => ''], ], [ 'name' => 'FirstName', 'in' => 'query', 'schema' => ['description' => 'The first name of the user.'."\n" ."\n" .'The first name can be up to 64 characters in length.', 'type' => 'string', 'required' => false, 'example' => 'Alice', 'title' => ''], ], [ 'name' => 'LastName', 'in' => 'query', 'schema' => ['description' => 'The last name of the user.'."\n" ."\n" .'The last name can be up to 64 characters in length.', 'type' => 'string', 'required' => false, 'example' => 'Lee', 'title' => ''], ], [ 'name' => 'DisplayName', 'in' => 'query', 'schema' => ['description' => 'The display name of the user.'."\n" ."\n" .'The display name can be up to 256 characters in length.', 'type' => 'string', 'required' => false, 'example' => 'Alice', 'title' => ''], ], [ 'name' => 'Description', 'in' => 'query', 'schema' => ['description' => 'The description of the user.'."\n" ."\n" .'The description can be up to 1,024 characters in length.', 'type' => 'string', 'required' => false, 'example' => 'This is a user.', 'title' => ''], ], [ 'name' => 'Email', 'in' => 'query', 'schema' => ['description' => 'The email address of the user. The email address must be unique within the directory.'."\n" ."\n" .'The email address can be up to 128 characters in length.', 'type' => 'string', 'required' => false, 'example' => 'Alice@example.com', 'title' => ''], ], [ 'name' => 'Status', 'in' => 'query', 'schema' => ['description' => 'The status of the user. Valid values:'."\n" ."\n" .'- Enabled (default)'."\n" ."\n" .'- Disabled', 'type' => 'string', 'required' => false, 'example' => 'Enabled', 'title' => ''], ], [ 'name' => 'Tags', 'in' => 'query', 'style' => 'repeatList', 'schema' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Value' => ['description' => 'The tag value.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => ''], 'Key' => ['description' => 'The tag key.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => ''], ], 'required' => false, 'description' => 'The tag.', 'title' => '', 'example' => '', ], 'required' => false, 'maxItems' => 21, 'description' => 'The tags.', 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'User' => [ 'description' => 'The details of the user.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the user. Valid values:'."\n" ."\n" .'- Enabled: The user is enabled.'."\n" ."\n" .'- Disabled: The user is disabled.', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'UserName' => ['description' => 'The username.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'Email' => ['description' => 'The email address of the user.', 'type' => 'string', 'example' => 'Alice@example.com', 'title' => ''], 'Description' => ['description' => 'The description of the user.', 'type' => 'string', 'example' => 'This is a user.', 'title' => ''], 'UserId' => ['description' => 'The user ID.', 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'FirstName' => ['description' => 'The first name of the user.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'CreateTime' => ['description' => 'The time when the user was created. The time is displayed in ISO 8601 format in UTC.', 'type' => 'string', 'example' => '2021-10-26T03:03:42Z', 'title' => ''], 'ProvisionType' => ['description' => 'The provisioning type of the user. Valid values:'."\n" ."\n" .'- Manual: The user was created manually.'."\n" ."\n" .'- Synchronized: The user was synchronized from an external IdP.', 'type' => 'string', 'example' => 'Manual', 'title' => ''], 'DisplayName' => ['description' => 'The display name of the user.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the user was last modified. The time is displayed in ISO 8601 format in UTC.', 'type' => 'string', 'example' => '2021-10-26T03:03:42Z', 'title' => ''], 'LastName' => ['description' => 'The last name of the user.', 'type' => 'string', 'example' => 'Lee', 'title' => ''], 'Tags' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Value' => ['description' => 'The tag value.', 'type' => 'string', 'title' => '', 'example' => ''], 'Key' => ['description' => 'The tag key.', 'type' => 'string', 'title' => '', 'example' => ''], ], 'description' => 'The tag.', 'title' => '', 'example' => '', ], 'description' => 'The tags.', 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'F6F90F3D-4502-5877-B80B-97476F6AE2CC', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'CreateUser', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateUser'], ], ], 'ramActions' => [ [ 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/*'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"User\\": {\\n \\"Status\\": \\"Enabled\\",\\n \\"UserName\\": \\"Alice\\",\\n \\"Email\\": \\"Alice@example.com\\",\\n \\"Description\\": \\"This is a user.\\",\\n \\"UserId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"FirstName\\": \\"Alice\\",\\n \\"CreateTime\\": \\"2021-10-26T03:03:42Z\\",\\n \\"ProvisionType\\": \\"Manual\\",\\n \\"DisplayName\\": \\"Alice\\",\\n \\"UpdateTime\\": \\"2021-10-26T03:03:42Z\\",\\n \\"LastName\\": \\"Lee\\",\\n \\"Tags\\": [\\n {\\n \\"Value\\": \\"\\",\\n \\"Key\\": \\"\\"\\n }\\n ]\\n },\\n \\"RequestId\\": \\"F6F90F3D-4502-5877-B80B-97476F6AE2CC\\"\\n}","type":"json"}]', ], 'CreateUserProvisioning' => [ 'summary' => 'Creates a Resource Access Management (RAM) user provisioning.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'create', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-003qew84****', 'title' => ''], ], [ 'name' => 'DuplicationStrategy', 'in' => 'query', 'schema' => ['description' => 'The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:'."\n" ."\n" .'- KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.'."\n" ."\n" .'- TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'KeepBoth', 'title' => ''], ], [ 'name' => 'DeletionStrategy', 'in' => 'query', 'schema' => ['description' => 'The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:'."\n" ."\n" .'- Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.'."\n" ."\n" .'- Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'Delete', 'title' => ''], ], [ 'name' => 'Description', 'in' => 'query', 'schema' => ['description' => 'The description.', 'type' => 'string', 'required' => false, 'example' => 'This is a user provisioning.', 'title' => ''], ], [ 'name' => 'PrincipalId', 'in' => 'query', 'schema' => ['description' => 'The identity ID of the RAM user provisioning. Valid values:'."\n" ."\n" .'- If you set the `PrincipalType` parameter to `Group`, the value of this parameter is the ID of a CloudSSO user group (g-\\*\\*\\*\\*\\*\\*\\*\\*).'."\n" ."\n" .'- If you set the `PrincipalType` parameter to `User`, the value of this parameter is the ID of a CloudSSO user (u-\\*\\*\\*\\*\\*\\*\\*\\*).', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'g-02ha881d*****', 'title' => ''], ], [ 'name' => 'PrincipalType', 'in' => 'query', 'schema' => ['description' => 'The identity type of the RAM user provisioning. Valid values:'."\n" ."\n" .'- User: The identity of the RAM user provisioning is a CloudSSO user.'."\n" ."\n" .'- Group: The identity of the RAM user provisioning is a CloudSSO user group.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'Group', 'title' => ''], ], [ 'name' => 'TargetId', 'in' => 'query', 'schema' => ['description' => 'The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the member in the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => '1743382******', 'title' => ''], ], [ 'name' => 'TargetType', 'in' => 'query', 'schema' => ['description' => 'The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'RD-Account', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'UserProvisioning' => [ 'description' => 'The information about the RAM user provisioning.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the RAM user provisioning. Valid values:'."\n" ."\n" .'- Enabled'."\n" ."\n" .'- Disabled', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'Description' => ['description' => 'The description.', 'type' => 'string', 'example' => 'This is a user provisioning.', 'title' => ''], 'UserProvisioningId' => ['description' => 'The ID of the RAM user provisioning.', 'type' => 'string', 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], 'PrincipalId' => ['description' => 'The identity ID of the RAM user provisioning. Valid values:'."\n" ."\n" .'- If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\*\\*\\*\\*\\*\\*\\*\\*).'."\n" ."\n" .'- If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\*\\*\\*\\*\\*\\*\\*\\*).', 'type' => 'string', 'example' => 'g-02ha881d*****', 'title' => ''], 'TargetPath' => ['description' => 'The path of the resource directory in which you create the RAM user provisioning for the member.', 'type' => 'string', 'example' => 'rd-******/root/test**', 'title' => ''], 'UpdateTime' => ['description' => 'The modification time. The time is displayed in UTC.', 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DuplicationStrategy' => ['description' => 'The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:'."\n" ."\n" .'- KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.'."\n" ."\n" .'- TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', 'type' => 'string', 'example' => 'KeepBoth', 'title' => ''], 'DeletionStrategy' => ['description' => 'The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:'."\n" ."\n" .'- Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.'."\n" ."\n" .'- Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', 'type' => 'string', 'example' => 'Delete', 'title' => ''], 'PrincipalName' => ['description' => 'The identity name of the RAM user provisioning. Valid values:'."\n" ."\n" .'- If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.'."\n" ."\n" .'- If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.', 'type' => 'string', 'example' => 'testGroupName', 'title' => ''], 'TargetName' => ['description' => 'The name of the object for which you create the RAM user provisioning. The value is fixed as the name of the member in the resource directory.', 'type' => 'string', 'example' => 'testTargetName', 'title' => ''], 'TargetId' => ['description' => 'The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the member in the resource directory.', 'type' => 'string', 'example' => '1743382******', 'title' => ''], 'CreateTime' => ['description' => 'The creation time. The time is displayed in UTC.', 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the resource directory.', 'type' => 'string', 'example' => 'd-003qew84****', 'title' => ''], 'OwnerPk' => ['description' => 'The ID of the Alibaba Cloud account to which the resource directory belongs.', 'type' => 'string', 'example' => '1639738******', 'title' => ''], 'TargetType' => ['description' => 'The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'PrincipalType' => ['description' => 'The identity type of the RAM user provisioning. Valid values:'."\n" ."\n" .'- User: The identity of the RAM user provisioning is a CloudSSO user.'."\n" ."\n" .'- Group: The identity of the RAM user provisioning is a CloudSSO user group.', 'type' => 'string', 'example' => 'Group', 'title' => ''], ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'F6F90F3D-4502-5877-B80B-97476F6AE2CC', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'CreateUserProvisioning', 'description' => 'You can create a RAM user provisioning for a member in your resource directory to create a RAM user that has the same username as a CloudSSO user. This way, the CloudSSO user can access the resources of the member as the RAM user.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateUserProvisioning'], ], ], 'ramActions' => [ [ 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateUserProvisioning', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/{#AccountId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"UserProvisioning\\": {\\n \\"Status\\": \\"Enabled\\",\\n \\"Description\\": \\"This is a user provisioning.\\",\\n \\"UserProvisioningId\\": \\"up-002axzhapcbz6e63****\\",\\n \\"PrincipalId\\": \\"g-02ha881d*****\\",\\n \\"TargetPath\\": \\"rd-******/root/test**\\",\\n \\"UpdateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DuplicationStrategy\\": \\"KeepBoth\\",\\n \\"DeletionStrategy\\": \\"Delete\\",\\n \\"PrincipalName\\": \\"testGroupName\\",\\n \\"TargetName\\": \\"testTargetName\\",\\n \\"TargetId\\": \\"1743382******\\",\\n \\"CreateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DirectoryId\\": \\"d-003qew84****\\",\\n \\"OwnerPk\\": \\"1639738******\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"PrincipalType\\": \\"Group\\"\\n },\\n \\"RequestId\\": \\"F6F90F3D-4502-5877-B80B-97476F6AE2CC\\"\\n}","type":"json"}]', ], 'DeleteAccessAssignment' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'TargetType', 'in' => 'query', 'schema' => ['description' => 'The type of the task object. Set the value to RD-Account, which specifies the accounts in the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'RD-Account', 'title' => ''], ], [ 'name' => 'TargetId', 'in' => 'query', 'schema' => ['description' => 'The ID of the task object.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => '114240524784****', 'title' => ''], ], [ 'name' => 'PrincipalType', 'in' => 'query', 'schema' => ['description' => 'The type of the CloudSSO identity. Valid values:'."\n" ."\n" .'- User'."\n" ."\n" .'- Group', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'User', 'title' => ''], ], [ 'name' => 'PrincipalId', 'in' => 'query', 'schema' => ['description' => 'The ID of the CloudSSO identity.'."\n" ."\n" .'- If you set `PrincipalType` to `User`, set `PrincipalId` to the ID of the CloudSSO user.'."\n" ."\n" .'- If you set `PrincipalType` to `Group`, set `PrincipalId` to the ID of the CloudSSO group.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'DeprovisionStrategy', 'in' => 'query', 'schema' => ['description' => 'Specifies whether to de-provision the access configuration when you remove the access permissions from the CloudSSO identity. The access configuration is used to assign the access permissions, and the identity is the only one that uses the access configuration and is associated with the account. Valid values:'."\n" ."\n" .'- DeprovisionForLastAccessAssignmentOnAccount: de-provisions the access configuration.'."\n" ."\n" .'- None: does not de-provision the access configuration. This is the default value.', 'type' => 'string', 'required' => false, 'example' => 'None', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'Task' => [ 'description' => 'The task information.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The task status. Valid values:'."\n" ."\n" .'- InProgress: The task is running.'."\n" ."\n" .'- Success: The task is successful.'."\n" ."\n" .'- Failed: The task failed.', 'type' => 'string', 'example' => 'InProgress', 'title' => ''], 'TaskId' => ['description' => 'The task ID.', 'type' => 'string', 'example' => 't-shfqw1u1edszvxw5****', 'title' => ''], 'PrincipalId' => ['description' => 'The ID of the CloudSSO identity.', 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'TargetPath' => ['description' => 'The path ID of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/r-Wm****/114240524784****', 'title' => ''], 'PrincipalName' => ['description' => 'The name of the CloudSSO identity.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'TargetName' => ['description' => 'The name of the task object.', 'type' => 'string', 'example' => 'dev-test', 'title' => ''], 'TargetId' => ['description' => 'The ID of the task object.', 'type' => 'string', 'example' => '114240524784****', 'title' => ''], 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'ECS-Admin', 'title' => ''], 'TargetPathName' => ['description' => 'The path name of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/root/dev-test', 'title' => ''], 'TaskType' => ['description' => 'The task type. The value is fixed as DeleteAccessAssignment, which indicates that access permissions on an account in your resource directory are removed.', 'type' => 'string', 'example' => 'DeleteAccessAssignment', 'title' => ''], 'TargetType' => ['description' => 'The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], 'PrincipalType' => ['description' => 'The type of the CloudSSO identity. Valid values:'."\n" ."\n" .'- User'."\n" ."\n" .'- Group', 'type' => 'string', 'example' => 'User', 'title' => ''], ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '5C9D0CF4-5CE8-5CE6-932A-826EF4ADD007', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'DeleteAccessAssignment', 'summary' => 'Removes the access permissions on an account in a resource directory.', 'description' => 'When you call this operation, an asynchronous task is created. You can call the [GetTask](~~340670~~) operation to query the progress of the task based on the value of the `TaskId` response parameter.'."\n" ."\n" .'This topic provides an example on how to remove the access permissions on the account `114240524784****` in the resource directory from the CloudSSO user `u-00q8wbq42wiltcrk****`. The access permissions are assigned by using the access configuration `ac-00jhtfl8thteu6uj****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteAccessAssignment'], ], ], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteAccessAssignment', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/{#AccountId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Task\\": {\\n \\"Status\\": \\"InProgress\\",\\n \\"TaskId\\": \\"t-shfqw1u1edszvxw5****\\",\\n \\"PrincipalId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"TargetPath\\": \\"rd-3G****/r-Wm****/114240524784****\\",\\n \\"PrincipalName\\": \\"Alice\\",\\n \\"TargetName\\": \\"dev-test\\",\\n \\"TargetId\\": \\"114240524784****\\",\\n \\"AccessConfigurationName\\": \\"ECS-Admin\\",\\n \\"TargetPathName\\": \\"rd-3G****/root/dev-test\\",\\n \\"TaskType\\": \\"DeleteAccessAssignment\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"AccessConfigurationId\\": \\"ac-00jhtfl8thteu6uj****\\",\\n \\"PrincipalType\\": \\"User\\"\\n },\\n \\"RequestId\\": \\"5C9D0CF4-5CE8-5CE6-932A-826EF4ADD007\\"\\n}","type":"json"}]', ], 'DeleteAccessConfiguration' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ac-001j9mcm3k7335bc****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'ForceRemovePermissionPolicies', 'in' => 'query', 'schema' => ['description' => 'Specifies whether to forcibly remove system policies and inline policies. Valid values:'."\n" ."\n" .'- true: When you delete the access configuration, the associated system policies and inline policies are forcibly removed.'."\n" ."\n" .'- false: When you delete the access configuration, the associated system policies and inline policies are not forcibly removed. This is the default value. If these policies exist in the access configuration, the deletion fails. Before you delete the access configuration, you must remove the system policies and inline policies. For more information, see [RemovePermissionPolicyFromAccessConfiguration](~~336904~~).', 'type' => 'boolean', 'required' => false, 'example' => 'false', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '9B13E4EE-3853-5852-9165-597C32AD8FB7', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'DeleteAccessConfiguration', 'summary' => 'Deletes an access configuration.', 'description' => '### [](#)Prerequisites'."\n" ."\n" .'The access configuration that you want to delete is de-provisioned from the accounts in your resource directory. For more information, see [DeprovisionAccessConfiguration](~~338352~~).'."\n" ."\n" .'### [](#)Operation description'."\n" ."\n" .'This topic provides an example on how to delete the access configuration whose ID is `ac-001j9mcm3k7335bc****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteAccessConfiguration'], ], ], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9B13E4EE-3853-5852-9165-597C32AD8FB7\\"\\n}","type":"json"}]', ], 'DeleteDirectory' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'B182C041-8C64-5F2F-A07B-FC67FAF89CF9', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"B182C041-8C64-5F2F-A07B-FC67FAF89CF9\\"\\n}","errorExample":""},{"type":"xml","example":"\\n B182C041-8C64-5F2F-A07B-FC67FAF89CF9\\n","errorExample":""}]', 'title' => 'DeleteDirectory', 'summary' => 'Deletes a directory.', 'description' => '### [](#)Prerequisites'."\n" ."\n" .'No resources are contained in the directory that you want to delete.'."\n" ."\n" .'* Access permissions on the accounts in your resource directory are removed from all users and groups. For more information, see [DeleteAccessAssignment](~~338350~~).'."\n" .'* Users are deleted. For more information, see [DeleteUser](~~341671~~).'."\n" .'* Groups are deleted. For more information, see [DeleteGroup](~~341821~~).'."\n" .'* Access configurations are deleted. For more information, see [DeleteAccessConfiguration](~~336907~~).'."\n" .'* System for Cross-domain Identity Management (SCIM) credentials are deleted. For more information, see [DeleteSCIMServerCredential](~~341842~~).'."\n" .'* Single sign-on (SSO) logon configurations are deleted. For more information, see [ClearExternalSAMLIdentityProvider](~~341573~~).'."\n" ."\n" .'### [](#)Operation description'."\n" ."\n" .'This topic provides an example on how to delete a directory whose ID is `d-00fc2p61****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteDirectory', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'DeleteGroup' => [ 'summary' => 'Deletes a group.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'GroupId', 'in' => 'query', 'schema' => ['description' => 'The ID of the group.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'F723DE01-6276-5DC4-9B1F-9CBE3E1748B2', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'DeleteGroup', 'description' => '### [](#)Prerequisites'."\n" ."\n" .'The group that you want to delete is not associated with the following resources. If the group is associated with the resources, the deletion fails.'."\n" ."\n" .'- Users: You must remove users from the group. For more information, see [RemoveUserFromGroup](~~335116~~).'."\n" ."\n" .'- Access permissions: You must remove the access permissions on the accounts in your resource directory from the group. For more information, see [DeleteAccessAssignment](~~338350~~).'."\n" ."\n" .'### [](#)Operation description'."\n" ."\n" .'If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot delete a group that is synchronized by using SCIM.'."\n" ."\n" .'This topic provides an example on how to delete the group `g-00jqzghi2n3o5hkh****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteGroup'], ], ], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"F723DE01-6276-5DC4-9B1F-9CBE3E1748B2\\"\\n}","type":"json"}]', ], 'DeleteMFADeviceForUser' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free', 'autoTest' => false, 'notSupportAutoTestReason' => '仅依靠api/http调用无法完成资源创建,继而删除操作无法自动化测试'], 'parameters' => [ [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'MFADeviceId', 'in' => 'query', 'schema' => ['description' => 'The ID of the MFA device.'."\n" ."\n" .'You can call the [ListMFADevicesForUser](~~333531~~) operation to query the IDs of MFA devices.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'mfa-00ujhet8pycljj7j****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '8B9982ED-FD0D-5622-8EA0-7B768685DCE7', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'DeleteMFADeviceForUser', 'summary' => 'Unbinds a multi-factor authentication (MFA) device from a user.', 'description' => 'This topic provides an example on how to unbind the MFA device whose ID is `mfa-00ujhet8pycljj7j****` from the user whose ID is `u-00q8wbq42wiltcrk****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteMFADeviceForUser'], ], ], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteMFADeviceForUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"8B9982ED-FD0D-5622-8EA0-7B768685DCE7\\"\\n}","type":"json"}]', ], 'DeleteSCIMServerCredential' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'CredentialId', 'in' => 'query', 'schema' => ['description' => 'The ID of the SCIM credential.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'scimcred-004whl0kvfwcypbi****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '8CE8B990-193D-50CE-A604-69F3E7DCE740', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'DeleteSCIMServerCredential', 'summary' => 'Deletes a System for Cross-domain Identity Management (SCIM) credential.', 'description' => 'After a SCIM credential is deleted, the synchronization task that uses the SCIM credential fails.'."\n" ."\n" .'This topic provides an example on how to delete the SCIM credential whose ID is `scimcred-004whl0kvfwcypbi****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteSCIMServerCredential'], ], ], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteSCIMServerCredential', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'SCIMServerCredential', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/scim-credential/{#CredentialId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"8CE8B990-193D-50CE-A604-69F3E7DCE740\\"\\n}","type":"json"}]', ], 'DeleteUser' => [ 'summary' => 'Deletes a user.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'E598602-AC67-56EF-B7CC-2927C30AA0A8', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"E598602-AC67-56EF-B7CC-2927C30AA0A8\\"\\n}","errorExample":""},{"type":"xml","example":"\\r\\n\\r\\n\\tEE598602-AC67-56EF-B7CC-2927C30AA0A8\\r\\n\\t","errorExample":""}]', 'title' => 'DeleteUser', 'description' => '### [](#)Prerequisites'."\n" ."\n" .'Before you delete a user, make sure that the user is not associated with the following resources. Otherwise, the deletion fails.'."\n" ."\n" .'* Multi-factor authentication (MFA) devices: You must delete the MFA devices bound to the user. For more information, see [DeleteMFADeviceForUser](~~341675~~).'."\n" .'* Access permissions: You must remove the access permissions on the accounts in your resource directory from the user. For more information, see [DeleteAccessAssignment](~~338350~~).'."\n" .'* Groups: You must remove the user from groups. For more information, see [RemoveUserFromGroup](~~335116~~).'."\n" ."\n" .'### [](#)Precautions'."\n" ."\n" .'If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot delete a user that is synchronized by using SCIM.'."\n" ."\n" .'This topic provides an example on how to delete the user whose ID is `u-00q8wbq42wiltcrk****`.'."\n", 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteUser'], ], ], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], ], 'DeleteUserProvisioning' => [ 'summary' => 'Deletes a Resource Access Management (RAM) user provisioning.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-003qew84****', 'title' => ''], ], [ 'name' => 'UserProvisioningId', 'in' => 'query', 'schema' => ['description' => 'The ID of the RAM user provisioning.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], ], [ 'name' => 'DeletionStrategy', 'in' => 'query', 'schema' => ['description' => 'The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:'."\n" ."\n" .'- Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.'."\n" ."\n" .'- Keep: When you delete the RAM user provisioning, the system retains the synchronized users.'."\n" ."\n" .'> If you do not specify this parameter, the deletion policy that is configured when you create the RAM user provisioning is used.', 'type' => 'string', 'required' => false, 'example' => 'Delete', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'F6F90F3D-4502-5877-B80B-97476F6AE2CC', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'DeleteUserProvisioning', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteUserProvisioning'], ], ], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteUserProvisioning', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"F6F90F3D-4502-5877-B80B-97476F6AE2CC\\"\\n}","type":"json"}]', ], 'DeleteUserProvisioningEvent' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'EventId', 'in' => 'query', 'schema' => ['description' => 'The ID of the RAM user provisioning event.'."\n" ."\n" .'You can call the [ListUserProvisioningEvents](~~2636305~~) operation to query the value of `EventId`.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'upe-wjKyNDmZvyZOiRcJ****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-003qew84****', 'title' => ''], ], [ 'name' => 'UserProvisioningId', 'in' => 'query', 'schema' => ['description' => 'The ID of the RAM user provisioning.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'A9287DA5-FD59-32A0-A810-1962E8B58ABB', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"A9287DA5-FD59-32A0-A810-1962E8B58ABB\\"\\n}","errorExample":""},{"type":"xml","example":"\\n 69A4AB33-****-****-****-29AA0B56****\\n","errorExample":""}]', 'title' => 'DeleteUserProvisioningEvent', 'summary' => 'Deletes a Resource Access Management (RAM) user provisioning event.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteUserProvisioningEvent', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ], ], ], ], ], 'DeprovisionAccessConfiguration' => [ 'summary' => 'De-provisions an access configuration from an account in your resource directory.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The directory ID.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'TargetType', 'in' => 'query', 'schema' => ['description' => 'The type of the task object. Set the value to RD-Account, which specifies the accounts in the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'RD-Account', 'title' => ''], ], [ 'name' => 'TargetId', 'in' => 'query', 'schema' => ['description' => 'The ID of the task object.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => '114240524784****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.', 'type' => 'object', 'properties' => [ 'Tasks' => [ 'description' => 'The task information.', 'type' => 'array', 'items' => [ 'description' => '', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The task status. Valid values:'."\n" ."\n" .'- InProgress: The task is running.'."\n" ."\n" .'- Success: The task is successful.'."\n" ."\n" .'- Failed: The task failed.', 'type' => 'string', 'example' => 'InProgress', 'title' => ''], 'TaskId' => ['description' => 'The task ID.', 'type' => 'string', 'example' => 't-sh0655wnq8pdlrlc****', 'title' => ''], 'TargetPath' => ['description' => 'The path ID of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/r-Wm****/114240524784****', 'title' => ''], 'TargetName' => ['description' => 'The name of the task object.', 'type' => 'string', 'example' => 'dev-test', 'title' => ''], 'TargetId' => ['description' => 'The ID of the task object.', 'type' => 'string', 'example' => '114240524784****', 'title' => ''], 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'ECS-Admin', 'title' => ''], 'TargetPathName' => ['description' => 'The path name of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/root/dev-test', 'title' => ''], 'TaskType' => ['description' => 'The task type. The value is fixed as DeprovisionAccessConfiguration, which indicates that the access configuration is de-provisioned.', 'type' => 'string', 'example' => 'DeprovisionAccessConfiguration', 'title' => ''], 'TargetType' => ['description' => 'The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '584FE9D0-D1AC-5B19-A39C-8D244FC0538C', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'asynchronous', 'callback' => 'cloudsso::2021-05-15::GetTask', 'callbackInterval' => 10000, 'maxCallbackTimes' => 5], 'title' => 'DeprovisionAccessConfiguration', 'description' => 'When you call this operation, an asynchronous task is automatically created. You can call the [GetTask](~~340670~~) operation to query the progress of the task based on the value of the `TaskId` response parameter.'."\n" ."\n" .'This topic provides an example on how to de-provision the access configuration `ac-00jhtfl8thteu6uj****` from the account `114240524784****` in your resource directory.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeprovisionAccessConfiguration'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:DeprovisionAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Tasks\\": [\\n {\\n \\"Status\\": \\"InProgress\\",\\n \\"TaskId\\": \\"t-sh0655wnq8pdlrlc****\\",\\n \\"TargetPath\\": \\"rd-3G****/r-Wm****/114240524784****\\",\\n \\"TargetName\\": \\"dev-test\\",\\n \\"TargetId\\": \\"114240524784****\\",\\n \\"AccessConfigurationName\\": \\"ECS-Admin\\",\\n \\"TargetPathName\\": \\"rd-3G****/root/dev-test\\",\\n \\"TaskType\\": \\"DeprovisionAccessConfiguration\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"AccessConfigurationId\\": \\"ac-00jhtfl8thteu6uj****\\"\\n }\\n ],\\n \\"RequestId\\": \\"584FE9D0-D1AC-5B19-A39C-8D244FC0538C\\"\\n}","type":"json"}]', ], 'DisableDelegateAccount' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'AccountId', 'in' => 'query', 'schema' => ['description' => 'The ID of the delegated administrator account of CloudSSO.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1200971777065046', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '12B3E332-DD16-515B-B695-39BA233AA172', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"12B3E332-DD16-515B-B695-39BA233AA172\\"\\n}","type":"json"}]', 'title' => 'DisableDelegateAccount', 'summary' => 'Disables the delegated administrator account of CloudSSO.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:DisableDelegateAccount', 'authLevel' => 'operate', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], ], ], 'DisableService' => [ 'summary' => 'Disables CloudSSO.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'autoTest' => true, 'tenantRelevance' => 'publicInformation'], 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '3257EAD2-8723-1F26-B69C-F8707D8B565D', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"3257EAD2-8723-1F26-B69C-F8707D8B565D\\"\\n}","type":"json"}]', 'title' => 'DisableService', 'description' => 'You can disable CloudSSO only when no directories exist in CloudSSO. After you disable CloudSSO, you can re-enable it at any time.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:DisableService', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], ], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '5', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DisableService'], ], ], ], 'EnableDelegateAccount' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'AccountId', 'in' => 'query', 'schema' => ['description' => 'The ID of the delegated administrator account of CloudSSO.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '180658567986****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '768F908D-A66A-5A5D-816C-20C93CBBFEE3', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"768F908D-A66A-5A5D-816C-20C93CBBFEE3\\"\\n}","type":"json"}]', 'title' => 'EnableDelegateAccount', 'summary' => 'Enables the delegated administrator account of CloudSSO.', 'description' => 'You can use the management account of a resource directory to specify a member of the resource directory as the delegated administrator account of CloudSSO. For more information, see [Add a delegated administrator account](~~208117~~).'."\n" ."\n" .'After the delegated administrator account of CloudSSO is specified, you can call this operation to enable the delegated administrator account of CloudSSO to manage CloudSSO resources.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:EnableDelegateAccount', 'authLevel' => 'operate', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], ], ], 'EnableService' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free', 'autoTest' => true, 'tenantRelevance' => 'publicInformation'], 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '3D57EAD2-8723-1F26-B69C-F8707D8B565D', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'EnableService', 'summary' => 'Enables CloudSSO.', 'description' => 'Only users under the management account of a resource directory who have the permissions to enable CloudSSO can call this operation. For more information, see [Enable CloudSSO](~~262819~~).'."\n" ."\n" .'By calling this operation, you agree to the [Alibaba Cloud International Website Product Terms of Service](https://www.alibabacloud.com/help/doc-detail/42416.htm).', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '5', 'countWindow' => 1, 'regionId' => '*', 'api' => 'EnableService'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:EnableService', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"3D57EAD2-8723-1F26-B69C-F8707D8B565D\\"\\n}","type":"json"}]', ], 'GetAccessConfiguration' => [ 'summary' => 'Queries the details of an access configuration.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ac-00ccule7tadaijxc****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the CloudSSO directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'D5E40508-483B-52F6-993C-D880B0F87591', 'title' => ''], 'AccessConfiguration' => [ 'description' => 'The information about the access configuration.', 'type' => 'object', 'properties' => [ 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'VPC-Admin', 'title' => ''], 'SessionDuration' => ['description' => 'The session duration.'."\n" ."\n" .'The maximum duration of a session when a CloudSSO user uses the access configuration to access an account in the resource directory.'."\n" ."\n" .'Unit: seconds.', 'type' => 'integer', 'format' => 'int32', 'example' => '3600', 'title' => ''], 'Description' => ['description' => 'The description of the access configuration.', 'type' => 'string', 'example' => 'This is an access configuration.', 'title' => ''], 'RelayState' => ['description' => 'The initial access page.'."\n" ."\n" .'This is the page that a CloudSSO user is redirected to after they uses the access configuration to access an account in your resource directory.', 'type' => 'string', 'example' => 'https://cloudsso.console.aliyun.com', 'title' => ''], 'CreateTime' => ['description' => 'The time when the access configuration was created.', 'type' => 'string', 'example' => '2021-06-30T09:39:44Z', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the access configuration was last modified.', 'type' => 'string', 'example' => '2021-07-26T03:02:11Z', 'title' => ''], 'StatusNotifications' => [ 'description' => 'The status notifications.', 'type' => 'array', 'items' => ['description' => 'The status notification. Valid values:'."\n" ."\n" .'- Empty: No status notification was generated.'."\n" ."\n" .'- ReprovisionRequired: The access configuration needs to be redeployed.', 'type' => 'string', 'example' => 'ReprovisionRequired', 'title' => ''], 'title' => '', 'example' => '', ], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00ccule7tadaijxc****', 'title' => ''], 'Tags' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Key' => ['description' => 'The tag key.', 'type' => 'string', 'title' => '', 'example' => ''], 'Value' => ['description' => 'The tag value.', 'type' => 'string', 'title' => '', 'example' => ''], ], 'description' => 'The tag attached to the access configuration.', 'title' => '', 'example' => '', ], 'description' => 'The tags attached to the access configuration.', 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"D5E40508-483B-52F6-993C-D880B0F87591\\",\\n \\"AccessConfiguration\\": {\\n \\"AccessConfigurationName\\": \\"VPC-Admin\\",\\n \\"SessionDuration\\": 3600,\\n \\"Description\\": \\"This is an access configuration.\\",\\n \\"RelayState\\": \\"https://cloudsso.console.aliyun.com\\",\\n \\"CreateTime\\": \\"2021-06-30T09:39:44Z\\",\\n \\"UpdateTime\\": \\"2021-07-26T03:02:11Z\\",\\n \\"StatusNotifications\\": [\\n \\"ReprovisionRequired\\"\\n ],\\n \\"AccessConfigurationId\\": \\"ac-00ccule7tadaijxc****\\",\\n \\"Tags\\": [\\n {\\n \\"Key\\": \\"\\",\\n \\"Value\\": \\"\\"\\n }\\n ]\\n }\\n}","type":"json"}]', 'title' => 'GetAccessConfiguration', 'description' => 'This topic provides an example of how to query the details of an access configuration with the ID `ac-00ccule7tadaijxc****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetAccessConfiguration'], ], ], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], ], ], 'GetDirectory' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'AA6A9E4B-8A61-59E1-AA87-F61CA18258A3', 'title' => ''], 'Directory' => [ 'description' => 'The information about the directory.'."\n", 'type' => 'object', 'properties' => [ 'DirectoryId' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'CreateTime' => ['description' => 'The time when the directory was created.'."\n", 'type' => 'string', 'example' => '2021-06-30T08:35:26Z', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the directory was modified.'."\n", 'type' => 'string', 'example' => '2021-10-25T07:18:46Z', 'title' => ''], 'Region' => ['description' => 'The region ID of the directory.'."\n", 'type' => 'string', 'example' => 'cn-shanghai', 'title' => ''], 'DirectoryName' => ['description' => 'The name of the directory.'."\n", 'type' => 'string', 'example' => 'example', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"AA6A9E4B-8A61-59E1-AA87-F61CA18258A3\\",\\n \\"Directory\\": {\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"CreateTime\\": \\"2021-06-30T08:35:26Z\\",\\n \\"UpdateTime\\": \\"2021-10-25T07:18:46Z\\",\\n \\"Region\\": \\"cn-shanghai\\",\\n \\"DirectoryName\\": \\"example\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n AA6A9E4B-8A61-59E1-AA87-F61CA18258A3\\n \\n d-00fc2p61****\\n 2021-06-30T08:35:26Z\\n 2021-10-25T07:18:46Z\\n cn-shanghai\\n example\\n \\n","errorExample":""}]', 'title' => 'GetDirectory', 'summary' => 'Queries information about a directory.', 'description' => 'This topic provides an example on how to query information about the directory whose ID is `d-00fc2p61****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetDirectory', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetDirectorySAMLServiceProviderInfo' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '4632107D-BCE1-5A96-B30B-182EE0709625', 'title' => ''], 'SAMLServiceProvider' => [ 'description' => 'The information about the SP.'."\n", 'type' => 'object', 'properties' => [ 'EntityId' => ['description' => 'The entity ID of the SP.'."\n", 'type' => 'string', 'example' => 'https://signin-cn-shanghai.alibabacloudsso.com/saml/sp/d-00fc2p61****', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'EncodedMetadataDocument' => ['description' => 'The metadata file of the SP. The value of this parameter is Base64-encoded.'."\n", 'type' => 'string', 'example' => 'PD94bWwgdmVyc2lv****', 'title' => ''], 'AcsUrl' => ['description' => 'The Assertion Consumer Service (ACS) URL of the SP.'."\n", 'type' => 'string', 'example' => 'https://signin-cn-shanghai.alibabacloudsso.com/saml/acs/51d298a9-2a3f-4e23-97c7-7ad1cfa9****', 'title' => ''], 'AuthnSignAlgo' => ['description' => 'The signature algorithm supported by the AuthNRequest initiated by Alibaba Cloud. Value:'."\n" ."\n" .'- rsa-sha256'."\n" ."\n" .'- rsa-sha1', 'type' => 'string', 'example' => 'rsa-sha256', 'title' => ''], 'CertificateType' => ['description' => 'The certificate type used by Alibaba Cloud for signing during the SSO process. Value:'."\n" ."\n" .'- self-signed: Use a self-signed certificate.'."\n" ."\n" .'- public: Use a certificate issued by CA.', 'type' => 'string', 'example' => 'public', 'title' => ''], 'SupportEncryptedAssertion' => ['description' => 'Whether to support Assertion encryption on the IdP side.', 'type' => 'boolean', 'example' => 'true', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"4632107D-BCE1-5A96-B30B-182EE0709625\\",\\n \\"SAMLServiceProvider\\": {\\n \\"EntityId\\": \\"https://signin-cn-shanghai.alibabacloudsso.com/saml/sp/d-00fc2p61****\\",\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"EncodedMetadataDocument\\": \\"PD94bWwgdmVyc2lv****\\",\\n \\"AcsUrl\\": \\"https://signin-cn-shanghai.alibabacloudsso.com/saml/acs/51d298a9-2a3f-4e23-97c7-7ad1cfa9****\\",\\n \\"AuthnSignAlgo\\": \\"rsa-sha256\\",\\n \\"CertificateType\\": \\"public\\",\\n \\"SupportEncryptedAssertion\\": true\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n 4632107D-BCE1-5A96-B30B-182EE0709625\\n \\n https://signin-cn-shanghai.alibabacloudsso.com/saml/sp/d-00fc2p61****\\n d-00fc2p61****\\n PD94bWwgdmVyc2lv****\\n https://signin-cn-shanghai.alibabacloudsso.com/saml/acs/51d298a9-2a3f-4e23-97c7-7ad1cfa9****\\n \\n","errorExample":""}]', 'title' => 'GetDirectorySAMLServiceProviderInfo', 'summary' => 'Queries information about a Security Assertion Markup Language (SAML) service provider (SP).', 'description' => 'During SAML 2.0-based single sign-on (SSO) logon, CloudSSO is an SP, and the identity management system of an enterprise is an identity provider (IdP).'."\n" ."\n" .'This topic provides an example on how to query information about the SP within the directory `d-00fc2p61****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetDirectorySAMLServiceProviderInfo', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetDirectoryStatistics' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '7B7228B0-A435-5D27-A6B2-ED3571F0654B', 'title' => ''], 'DirectoryStatistics' => [ 'description' => 'The statistics of the directory.'."\n", 'type' => 'object', 'properties' => [ 'UserCount' => ['description' => 'The number of users.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '16', 'title' => ''], 'GroupCount' => ['description' => 'The number of user groups.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '4', 'title' => ''], 'UserQuota' => ['description' => 'The quota for users.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '1000', 'title' => ''], 'GroupQuota' => ['description' => 'The quota for user groups.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '500', 'title' => ''], 'AccessConfigurationQuota' => ['description' => 'The quota for access configurations.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '1000', 'title' => ''], 'AccessAssignmentCount' => ['description' => 'The number of access permissions that are assigned.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '5', 'title' => ''], 'SCIMServerCredentialCount' => ['description' => 'The number of SCIM credentials.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'SSOEnabled' => ['description' => 'Indicates whether SSO is enabled. Valid values:'."\n" ."\n" .'* true'."\n" .'* false'."\n", 'type' => 'boolean', 'example' => 'false', 'title' => ''], 'Region' => ['description' => 'The region ID of the directory.'."\n", 'type' => 'string', 'example' => 'cn-shanghai', 'title' => ''], 'AccessConfigurationCount' => ['description' => 'The number of access configurations.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '6', 'title' => ''], 'DirectoryName' => ['description' => 'The name of the directory.'."\n", 'type' => 'string', 'example' => 'new-example', 'title' => ''], 'InProgressTaskCount' => ['description' => 'The number of tasks that are being performed.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '0', 'title' => ''], 'SCIMSyncEnabled' => ['description' => 'Indicates whether SCIM synchronization is enabled. Valid values:'."\n" ."\n" .'* true'."\n" .'* false'."\n", 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'SystemPolicyPerAccessConfigurationQuota' => ['description' => 'The quota for system policies that can be configured for an access configuration.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '20', 'title' => ''], 'InlinePolicyPerAccessConfigurationQuota' => ['description' => 'The number of inline policies that can be configured for an access configuration.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"7B7228B0-A435-5D27-A6B2-ED3571F0654B\\",\\n \\"DirectoryStatistics\\": {\\n \\"UserCount\\": 16,\\n \\"GroupCount\\": 4,\\n \\"UserQuota\\": 1000,\\n \\"GroupQuota\\": 500,\\n \\"AccessConfigurationQuota\\": 1000,\\n \\"AccessAssignmentCount\\": 5,\\n \\"SCIMServerCredentialCount\\": 2,\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"SSOEnabled\\": false,\\n \\"Region\\": \\"cn-shanghai\\",\\n \\"AccessConfigurationCount\\": 6,\\n \\"DirectoryName\\": \\"new-example\\",\\n \\"InProgressTaskCount\\": 0,\\n \\"SCIMSyncEnabled\\": true,\\n \\"SystemPolicyPerAccessConfigurationQuota\\": 20,\\n \\"InlinePolicyPerAccessConfigurationQuota\\": 1\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n 7B7228B0-A435-5D27-A6B2-ED3571F0654B\\n \\n 16\\n 4\\n 1000\\n 500\\n 1000\\n true\\n 5\\n 2\\n d-00fc2p61****\\n false\\n cn-shanghai\\n 6\\n new-example\\n 0\\n \\n","errorExample":""}]', 'title' => 'GetDirectoryStatistics', 'summary' => 'Queries the statistics of a directory.', 'description' => 'This topic provides an example on how to query the statistics of a directory whose ID is `d-00fc2p61****`. The statistics include the number of users, quota for users, number of groups, quota for groups, number of access configurations, quota for access configurations, number of access permissions that are assigned, number of system policies that can be configured for an access configuration, number of System for Cross-domain Identity Management (SCIM) credentials, number of asynchronous tasks, status of single sign-on (SSO) logon, and status of SCIM synchronization.'."\n", 'requestParamsDescription' => 'For more information about common request parameters, see [Common parameters](~~330093~~).'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetDirectoryStatistics', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetExternalSAMLIdentityProvider' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '96D1E5FF-0301-5636-8D33-071E033CFB82', 'title' => ''], 'SAMLIdentityProviderConfiguration' => [ 'description' => 'The configurations of the IdP.'."\n", 'type' => 'object', 'properties' => [ 'EntityId' => ['description' => 'The ID of the IdP.'."\n", 'type' => 'string', 'example' => 'http://www.okta.com/exk3qwgtjhetR2Od****', 'title' => ''], 'SSOStatus' => ['description' => 'Indicates whether SSO is enabled. Valid values:'."\n" ."\n" .'* Enabled'."\n" .'* Disabled'."\n", 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'EncodedMetadataDocument' => ['description' => 'The metadata file of the IdP. The value of this parameter is Base64-encoded.'."\n", 'type' => 'string', 'example' => 'PD94bWwgdmVyc2lvbj0iMS4****', 'title' => ''], 'CreateTime' => ['description' => 'The time when the IdP was configured for the first time.'."\n", 'type' => 'string', 'example' => '2021-11-09T09:30:13Z', 'title' => ''], 'WantRequestSigned' => ['description' => 'Indicates whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:'."\n" ."\n" .'* true:'."\n" .'* false (default)'."\n", 'type' => 'boolean', 'example' => 'false', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the IdP configurations were last modified.'."\n", 'type' => 'string', 'example' => '2021-11-09T09:30:22Z', 'title' => ''], 'CertificateIds' => [ 'description' => 'The SAML signing certificates.'."\n", 'type' => 'array', 'items' => ['description' => 'The ID of the SAML signing certificate.'."\n" ."\n" .'Multiple IDs are separated by commas (,).'."\n", 'type' => 'string', 'example' => '[ "idp-c-00s6c04my7hvv1uj****" ]', 'title' => ''], 'title' => '', ], 'LoginUrl' => ['description' => 'The logon URL of the IdP.'."\n", 'type' => 'string', 'example' => 'https://dev-xxxxxx.okta.com/app/dev-xxxxxx_cloudssodemo_1/exk3qwgtjhetR2Od****/sso/saml', 'title' => ''], 'BindingType' => ['description' => 'The binding for sending SAML requests. Valid values:'."\n" ."\n" .'* Post: HTTP Post bindings.'."\n" .'* Redirect: HTTP Redirect bindings.'."\n", 'type' => 'string', 'example' => 'Post', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"96D1E5FF-0301-5636-8D33-071E033CFB82\\",\\n \\"SAMLIdentityProviderConfiguration\\": {\\n \\"EntityId\\": \\"http://www.okta.com/exk3qwgtjhetR2Od****\\",\\n \\"SSOStatus\\": \\"Enabled\\",\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"EncodedMetadataDocument\\": \\"PD94bWwgdmVyc2lvbj0iMS4****\\",\\n \\"CreateTime\\": \\"2021-11-09T09:30:13Z\\",\\n \\"WantRequestSigned\\": false,\\n \\"UpdateTime\\": \\"2021-11-09T09:30:22Z\\",\\n \\"CertificateIds\\": [\\n \\"[ \\\\\\"idp-c-00s6c04my7hvv1uj****\\\\\\" ]\\"\\n ],\\n \\"LoginUrl\\": \\"https://dev-xxxxxx.okta.com/app/dev-xxxxxx_cloudssodemo_1/exk3qwgtjhetR2Od****/sso/saml\\",\\n \\"BindingType\\": \\"Post\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n 96D1E5FF-0301-5636-8D33-071E033CFB82\\n \\n http://www.okta.com/exk3qwgtjhetR2Od****\\n Enabled\\n d-00fc2p61****\\n PD94bWwgdmVyc2lvbj0iMS4****\\n 2021-11-09T09:30:13Z\\n false\\n 2021-11-09T09:30:22Z\\n idp-c-00s6c04my7hvv1uj****\\n https://dev-xxxxxx.okta.com/app/dev-xxxxxx_cloudssodemo_1/exk3qwgtjhetR2Od****/sso/saml\\n \\n","errorExample":""}]', 'title' => 'GetExternalSAMLIdentityProvider', 'summary' => 'Queries the configurations of a Security Assertion Markup Language (SAML) identity provider (IdP).', 'description' => 'This topic provides an example on how to query the configurations of the SAML IdP within the directory `d-00fc2p61****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetExternalSAMLIdentityProvider', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetGroup' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'GroupId', 'in' => 'query', 'schema' => ['description' => 'The ID of the group.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'Group' => [ 'description' => 'The information about the group.'."\n", 'type' => 'object', 'properties' => [ 'GroupName' => ['description' => 'The name of the group.'."\n", 'type' => 'string', 'example' => 'TestGroup', 'title' => ''], 'Description' => ['description' => 'The description of the group.'."\n", 'type' => 'string', 'example' => 'This is a group.', 'title' => ''], 'CreateTime' => ['description' => 'The time when the group was created.'."\n", 'type' => 'string', 'example' => '2021-11-01T02:38:27Z', 'title' => ''], 'ProvisionType' => ['description' => 'The type of the group. Valid values:'."\n" ."\n" .'* Manual: The group is manually created.'."\n" .'* Synchronized: The group is synchronized from an external identity provider (IdP).'."\n", 'type' => 'string', 'example' => 'Manual', 'title' => ''], 'UpdateTime' => ['description' => 'The time when information about the group was modified.'."\n", 'type' => 'string', 'example' => '2021-11-01T02:38:27Z', 'title' => ''], 'GroupId' => ['description' => 'The ID of the group.'."\n", 'type' => 'string', 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], 'title' => '', ], 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '768F908D-A66A-5A5D-816C-20C93CBBFEE3', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"Group\\": {\\n \\"GroupName\\": \\"TestGroup\\",\\n \\"Description\\": \\"This is a group.\\",\\n \\"CreateTime\\": \\"2021-11-01T02:38:27Z\\",\\n \\"ProvisionType\\": \\"Manual\\",\\n \\"UpdateTime\\": \\"2021-11-01T02:38:27Z\\",\\n \\"GroupId\\": \\"g-00jqzghi2n3o5hkh****\\"\\n },\\n \\"RequestId\\": \\"768F908D-A66A-5A5D-816C-20C93CBBFEE3\\"\\n}","errorExample":""},{"type":"xml","example":"\\n \\n TestGroup\\n This is a group.\\n 2021-11-01T02:38:27Z\\n Manual\\n 2021-11-01T02:38:27Z\\n g-00jqzghi2n3o5hkh****\\n \\n 768F908D-A66A-5A5D-816C-20C93CBBFEE3\\n","errorExample":""}]', 'title' => 'GetGroup', 'summary' => 'Queries information about a group.', 'description' => 'This topic provides an example on how to query information about the group `g-00jqzghi2n3o5hkh****` in the directory `d-00fc2p61****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ], ], ], ], ], 'GetLoginPreference' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '8CE8B990-193D-50CE-A604-69F3E7DCE740', 'title' => ''], 'LoginPreference' => [ 'description' => 'The logon preference.'."\n", 'type' => 'object', 'properties' => [ 'LoginNetworkMasks' => ['description' => 'The IP address whitelist. CloudSSO users can log on to the CloudSSO user portal only by using the IP addresses in the whitelist.'."\n" ."\n" .'The IP address whitelist takes effect only on CloudSSO users who want to log on to the CloudSSO user portal by using the username-password logon or single sign-on (SSO) method. The IP address whitelist does not take effect on CloudSSO users who access accounts in a resource directory from the CloudSSO user portal.'."\n" ."\n" .'If the return value of this parameter is empty, no IP address whitelists are configured.'."\n", 'type' => 'string', 'example' => '192.168.0.0/16;10.0.0.0/8', 'title' => ''], 'AllowUserToGetCredentials' => ['description' => 'Indicates whether a user can obtain the application access credential after logon to the portal. Valid values:'."\n" ."\n" .'* True'."\n" .'* False (default)'."\n", 'type' => 'boolean', 'example' => 'True', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"8CE8B990-193D-50CE-A604-69F3E7DCE740\\",\\n \\"LoginPreference\\": {\\n \\"LoginNetworkMasks\\": \\"192.168.0.0/16;10.0.0.0/8\\",\\n \\"AllowUserToGetCredentials\\": true\\n }\\n}","type":"json"}]', 'title' => 'GetLoginPreference', 'summary' => 'Queries the logon preference of CloudSSO users.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetLoginPreference', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetMFAAuthenticationSettingInfo' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'title' => 'Schema of Response', 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['title' => 'Id of the request', 'description' => 'The ID of the request.'."\n", 'type' => 'string', 'example' => '95D3B107-DA80-5B34-A3D0-9E82F8F0DA0E'], 'MFAAuthenticationSettingInfo' => [ 'description' => 'The MFA setting of all users.'."\n", 'type' => 'object', 'properties' => [ 'MfaAuthenticationAdvanceSettings' => ['description' => 'The MFA policy of all users. Valid values:'."\n" ."\n" .'* Enabled: MFA is enabled for all users.'."\n" .'* Byuser: User-specific settings are applied. For more information about how to configure MFA for a single user, see [UpdateUserMFAAuthenticationSettings](~~450135~~).'."\n" .'* Disabled: MFA is disabled for all users.'."\n" .'* OnlyRiskyLogin: MFA is required only for unusual logons.'."\n", 'type' => 'string', 'example' => 'OnlyRiskyLogin', 'title' => ''], 'OperationForRiskLogin' => ['description' => 'The MFA policy for unusual logons. Valid values:'."\n" ."\n" .'* Autonomous: MFA is prompted for users who initiated unusual logons. However, the users are allowed to skip MFA. If an MFA device is bound to a user who initiated an unusual logon, the user must pass MFA.'."\n" .'* EnforceVerify: MFA is required. If no MFA devices are bound to a user who initiated an unusual logon, the user must bind an MFA device. If an MFA device is already bound to a user who initiated an unusual logon, the user must pass MFA.'."\n" ."\n" .'> This parameter is displayed only when Byuser or OnlyRiskyLogin is returned for the MfaAuthenticationAdvanceSettings parameter.'."\n", 'type' => 'string', 'example' => 'EnforceVerify', 'title' => ''], ], 'title' => '', ], ], ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"95D3B107-DA80-5B34-A3D0-9E82F8F0DA0E\\",\\n \\"MFAAuthenticationSettingInfo\\": {\\n \\"MfaAuthenticationAdvanceSettings\\": \\"OnlyRiskyLogin\\",\\n \\"OperationForRiskLogin\\": \\"EnforceVerify\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n 95D3B107-DA80-5B34-A3D0-9E82F8F0DA0E\\n \\n OnlyRiskyLogin\\n EnforceVerify\\n \\n","errorExample":""}]', 'title' => 'GetMFAAuthenticationSettingInfo', 'summary' => 'Queries the multi-factor authentication (MFA) setting of all users.', 'description' => 'If you enable username-password logon for CloudSSO users, you can query the MFA setting for the users.'."\n" ."\n" .'This topic provides an example on how to query the MFA setting of all CloudSSO users that belong to the directory named `u-00q8wbq42wiltcrk****`.'."\n", 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetMFAAuthenticationSettingInfo'], ], ], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetMFAAuthenticationSettingInfo', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetMFAAuthenticationSettings' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The ID of the request.'."\n", 'type' => 'string', 'example' => 'A2BC00C5-76A2-5FFC-A340-927940A98377', 'title' => ''], 'MFAAuthenticationAdvanceSettings' => ['description' => 'Indicates whether MFA is enabled for all users. Valid values:'."\n" ."\n" .'* Enabled: MFA is enabled for all users.'."\n" .'* Byuser: User-specific settings are applied.'."\n" .'* Disabled: MFA is disabled for all users.'."\n", 'type' => 'string', 'example' => 'Enabled', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"A2BC00C5-76A2-5FFC-A340-927940A98377\\",\\n \\"MFAAuthenticationAdvanceSettings\\": \\"Enabled\\"\\n}","errorExample":""},{"type":"xml","example":"\\n A2BC00C5-76A2-5FFC-A340-927940A98377\\n Enabled\\n","errorExample":""}]', 'title' => 'GetMFAAuthenticationSettings', 'summary' => 'Queries the multi-factor authentication (MFA) setting of all users.', 'description' => '> This operation is no longer maintained and updated. You can call the [GetMFAAuthenticationSettingInfo](~~611286~~) operation to query more detailed information.'."\n" ."\n" .'This topic provides an example on how to query the MFA setting of the users that belong to the directory named `d-00fc2p61****`. The returned result shows that MFA is enabled for all the users.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetMFAAuthenticationSettings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetMFAAuthenticationStatus' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '5E688346-DF1A-5537-9BFC-8A9974D29586', 'title' => ''], 'MFAAuthenticationStatus' => ['description' => 'Indicates whether MFA is enabled for users. Valid values:'."\n" ."\n" .'* Enabled'."\n" .'* Disabled'."\n", 'type' => 'string', 'example' => 'Enabled', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"5E688346-DF1A-5537-9BFC-8A9974D29586\\",\\n \\"MFAAuthenticationStatus\\": \\"Enabled\\"\\n}","errorExample":""},{"type":"xml","example":"\\n 5E688346-DF1A-5537-9BFC-8A9974D29586\\n Enabled\\n","errorExample":""}]', 'title' => 'GetMFAAuthenticationStatus', 'summary' => 'Checks whether multi-factor authentication (MFA) is enabled for users.', 'description' => 'This topic provides an example on how to check whether MFA is enabled for users in the directory whose ID is `d-00fc2p61****`. The returned result shows that MFA is in the Enabled state.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetMFAAuthenticationStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetPasswordPolicy' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned result.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'B7C6E839-FB65-59BE-B753-003AA8AF7DF7', 'title' => ''], 'PasswordPolicy' => [ 'description' => 'The password policy.'."\n", 'type' => 'object', 'properties' => [ 'MinPasswordLength' => ['description' => 'The minimum password length.'."\n" ."\n" .'Valid values: 8 to 32 characters.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '8', 'title' => ''], 'MinPasswordDifferentChars' => ['description' => 'The minimum number of different characters in a password.'."\n" ."\n" .'The minimum value is 0, which indicates that the minimum number of different characters in a password is not limited. The maximum value is the value of the `MinPasswordLength` parameter.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '8', 'title' => ''], 'PasswordNotContainUsername' => ['description' => 'Indicates whether to exclude the username from the password. Valid values:'."\n" ."\n" .'* true: A password cannot contain the username.'."\n" .'* false: A password can contain the username.'."\n", 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'MaxPasswordAge' => ['description' => 'The validity period of a password.'."\n" ."\n" .'Valid values: 1 to 120. Unit: days.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '90', 'title' => ''], 'PasswordReusePrevention' => ['description' => 'The policy for password history check.'."\n" ."\n" .'The previous N passwords cannot be reused. Valid values of N: 0 to 24. The value 0 indicates that all historical passwords can be reused.'."\n" ."\n" .'> Passwords that are generated before January 5, 2024 are not counted as historical passwords.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], 'MaxLoginAttempts' => ['description' => 'The number of password retries.'."\n" ."\n" .'If wrong passwords are entered for the specified consecutive times, the account is locked for 1 hour.'."\n" ."\n" .'Valid values: 0 to 32. The value 0 indicates that the number of password retries is not limited.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '5', 'title' => ''], 'RequireNumbers' => ['description' => 'Indicates whether digits are required in a password. Valid values:'."\n" ."\n" .'* true: Digits are required in a password.'."\n" .'* false: Digits are not required in a password.'."\n", 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'RequireLowerCaseChars' => ['description' => 'Indicates whether lowercase letters are required in a password. Valid values:'."\n" ."\n" .'* true: Lowercase letters are required in a password.'."\n" .'* false: Lowercase letters are not required in a password.'."\n", 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'MaxPasswordLength' => ['description' => 'The maximum password length.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '32', 'title' => ''], 'RequireUpperCaseChars' => ['description' => 'Indicates whether uppercase letters are required in a password. Valid values:'."\n" ."\n" .'* true: Uppercase letters are required in a password.'."\n" .'* false: Uppercase letters are not required in a password.'."\n", 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'RequireSymbols' => ['description' => 'Indicates whether special characters are required in a password. Valid values:'."\n" ."\n" .'* true: Special characters are required in a password.'."\n" .'* false: Special characters are not required in a password.'."\n", 'type' => 'boolean', 'example' => 'true', 'title' => ''], 'HardExpire' => ['description' => 'Indicates whether to disable logon after a password expires. Valid values:'."\n" ."\n" .'* true: disables logon after a password expires.'."\n" .'* false: does not disable logon after a password expires.'."\n", 'type' => 'boolean', 'example' => 'true', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"B7C6E839-FB65-59BE-B753-003AA8AF7DF7\\",\\n \\"PasswordPolicy\\": {\\n \\"MinPasswordLength\\": 8,\\n \\"MinPasswordDifferentChars\\": 8,\\n \\"PasswordNotContainUsername\\": true,\\n \\"MaxPasswordAge\\": 90,\\n \\"PasswordReusePrevention\\": 1,\\n \\"MaxLoginAttempts\\": 5,\\n \\"RequireNumbers\\": true,\\n \\"RequireLowerCaseChars\\": true,\\n \\"MaxPasswordLength\\": 32,\\n \\"RequireUpperCaseChars\\": true,\\n \\"RequireSymbols\\": true,\\n \\"HardExpire\\": true\\n }\\n}","type":"json"}]', 'title' => 'GetPasswordPolicy', 'summary' => 'Queries the password policy of CloudSSO users.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetPasswordPolicy', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetSCIMSynchronizationStatus' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '7C086C2F-1C66-57B3-B14E-2C1DA70727CD', 'title' => ''], 'SCIMSynchronizationStatus' => ['description' => 'The status of SCIM synchronization. Valid values:'."\n" ."\n" .'* Enabled'."\n" .'* Disabled'."\n", 'type' => 'string', 'example' => 'Enabled', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"7C086C2F-1C66-57B3-B14E-2C1DA70727CD\\",\\n \\"SCIMSynchronizationStatus\\": \\"Enabled\\"\\n}","errorExample":""},{"type":"xml","example":"\\n 7C086C2F-1C66-57B3-B14E-2C1DA70727CD\\n Enabled\\n","errorExample":""}]', 'title' => 'GetSCIMSynchronizationStatus', 'summary' => 'Queries the status of System for Cross-domain Identity Management (SCIM) synchronization.', 'description' => 'This topic provides an example on how to query the status of SCIM synchronization within the directory `d-00fc2p61****`. The returned result shows that SCIM synchronization is in the Enabled state.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetSCIMSynchronizationStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetServiceStatus' => [ 'summary' => 'Queries the status of CloudSSO.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'autoTest' => true, 'tenantRelevance' => 'publicInformation'], 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'ADADC31D-90EE-5459-99B0-D83DF07769A3', 'title' => ''], 'ServiceStatus' => [ 'description' => 'The status information of CloudSSO.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of CloudSSO. Valid values:'."\n" ."\n" .'- Enabled'."\n" ."\n" .'- Disabled', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'AccountId' => ['description' => 'The ID of your Alibaba Cloud account.', 'type' => 'string', 'example' => '151266687691****', 'title' => ''], 'PrerequisiteCheckResult' => ['description' => 'Indicates whether the prerequisites for enabling CloudSSO are met. Valid values:'."\n" ."\n" .'- Success: The prerequisites are met.'."\n" ."\n" .'- Failed: The prerequisites are not met.'."\n" ."\n" .'> The value of this parameter is returned only if the value of `Status` is `Disabled`.', 'type' => 'string', 'example' => 'Success', 'title' => ''], 'RegionsInUse' => [ 'description' => 'The IDs of regions where directories are deployed.', 'type' => 'array', 'items' => ['description' => 'The region ID of the directory. The value depends on the directory status:'."\n" ."\n" .'- If a directory exists, the value is the region ID of the directory.'."\n" ."\n" .'- If no directory exists, this parameter is empty.'."\n" ."\n" .'> The value of this parameter is returned only if the value of `Status` is `Enabled`.', 'type' => 'string', 'example' => 'cn-shanghai', 'title' => ''], 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"ADADC31D-90EE-5459-99B0-D83DF07769A3\\",\\n \\"ServiceStatus\\": {\\n \\"Status\\": \\"Enabled\\",\\n \\"AccountId\\": \\"151266687691****\\",\\n \\"PrerequisiteCheckResult\\": \\"Success\\",\\n \\"RegionsInUse\\": [\\n \\"cn-shanghai\\"\\n ]\\n }\\n}","type":"json"}]', 'title' => 'GetServiceStatus', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetServiceStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], ], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetServiceStatus'], ], ], ], 'GetTask' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The directory ID.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'TaskId', 'in' => 'query', 'schema' => ['description' => 'The task ID.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 't-shfqw1u1edszvxw5****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.'."\n", 'type' => 'object', 'properties' => [ 'Task' => [ 'description' => 'The task information.'."\n", 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The task status. Valid values:'."\n" ."\n" .'* InProgress: The task is running.'."\n" .'* Success: The task is successful.'."\n" .'* Failed: The task failed.'."\n", 'type' => 'string', 'example' => 'Success', 'title' => ''], 'TaskId' => ['description' => 'The task ID.'."\n", 'type' => 'string', 'example' => 't-shfqw1u1edszvxw5****', 'title' => ''], 'EndTime' => ['description' => 'The end time of the task.'."\n", 'type' => 'string', 'example' => '2021-11-05T02:58:08Z', 'title' => ''], 'PrincipalId' => ['description' => 'The ID of the CloudSSO identity.'."\n", 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'TargetPath' => ['description' => 'The path ID of the task object in the resource directory.'."\n", 'type' => 'string', 'example' => 'rd-3G****/r-Wm****/114240524784****', 'title' => ''], 'StartTime' => ['description' => 'The start time of the task.'."\n", 'type' => 'string', 'example' => '2021-11-05T02:58:07Z', 'title' => ''], 'PrincipalName' => ['description' => 'The name of the CloudSSO identity.'."\n", 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'TargetName' => ['description' => 'The name of the task object.'."\n", 'type' => 'string', 'example' => 'dev-test', 'title' => ''], 'TargetId' => ['description' => 'The ID of the task object.'."\n", 'type' => 'string', 'example' => '114240524784****', 'title' => ''], 'AccessConfigurationName' => ['description' => 'The name of the access configuration.'."\n", 'type' => 'string', 'example' => 'ECS-Admin', 'title' => ''], 'TargetPathName' => ['description' => 'The path name of the task object in the resource directory.'."\n", 'type' => 'string', 'example' => 'rd-3G****/root/dev-test', 'title' => ''], 'TaskType' => ['description' => 'The task type. Valid values:'."\n" ."\n" .'* ProvisionAccessConfiguration: An access configuration is provisioned.'."\n" .'* DeprovisionAccessConfiguration: An access configuration is de-provisioned.'."\n" .'* CreateAccessAssignment: Access permissions on an account in the resource directory are assigned.'."\n" .'* DeleteAccessAssignment: Access permissions on an account in the resource directory are removed.'."\n", 'type' => 'string', 'example' => 'DeleteAccessAssignment', 'title' => ''], 'FailureReason' => ['description' => 'The cause of the task failure.'."\n" ."\n" .'> This parameter is returned only when the value of `Status` is `Failed`.'."\n", 'type' => 'string', 'example' => 'No Permission.', 'title' => ''], 'TargetType' => ['description' => 'The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.'."\n", 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.'."\n", 'type' => 'string', 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], 'PrincipalType' => ['description' => 'The type of the CloudSSO identity. Valid values:'."\n" ."\n" .'* User'."\n" .'* Group'."\n", 'type' => 'string', 'example' => 'User', 'title' => ''], ], 'title' => '', ], 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '923CA5E8-57BF-5E15-8BA6-E75A966B7E3F', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"Task\\": {\\n \\"Status\\": \\"Success\\",\\n \\"TaskId\\": \\"t-shfqw1u1edszvxw5****\\",\\n \\"EndTime\\": \\"2021-11-05T02:58:08Z\\",\\n \\"PrincipalId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"TargetPath\\": \\"rd-3G****/r-Wm****/114240524784****\\",\\n \\"StartTime\\": \\"2021-11-05T02:58:07Z\\",\\n \\"PrincipalName\\": \\"Alice\\",\\n \\"TargetName\\": \\"dev-test\\",\\n \\"TargetId\\": \\"114240524784****\\",\\n \\"AccessConfigurationName\\": \\"ECS-Admin\\",\\n \\"TargetPathName\\": \\"rd-3G****/root/dev-test\\",\\n \\"TaskType\\": \\"DeleteAccessAssignment\\",\\n \\"FailureReason\\": \\"No Permission.\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"AccessConfigurationId\\": \\"ac-00jhtfl8thteu6uj****\\",\\n \\"PrincipalType\\": \\"User\\"\\n },\\n \\"RequestId\\": \\"923CA5E8-57BF-5E15-8BA6-E75A966B7E3F\\"\\n}","errorExample":""},{"type":"xml","example":"\\n \\n Success\\n t-shfqw1u1edszvxw5****\\n 2021-11-05T02:58:08Z\\n u-00q8wbq42wiltcrk****\\n rd-3G****/r-Wm****/114240524784****\\n 2021-11-05T02:58:07Z\\n Alice\\n dev-test\\n 114240524784****\\n ECS-Admin\\n rd-3G****/root/dev-test\\n DeleteAccessAssignment\\n RD-Account\\n ac-00jhtfl8thteu6uj****\\n User\\n \\n 923CA5E8-57BF-5E15-8BA6-E75A966B7E3F\\n","errorExample":""}]', 'title' => 'GetTask', 'summary' => 'Queries information about an asynchronous task.', 'description' => 'This topic provides an example on how to query the information about the task whose ID is `t-shfqw1u1edszvxw5****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetTask', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetTaskStatus' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The directory ID.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'TaskId', 'in' => 'query', 'schema' => ['description' => 'The task ID.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 't-shfqw1u1edszvxw5****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '005F4623-AE53-504D-830F-44825F7DC211', 'title' => ''], 'TaskStatus' => [ 'description' => 'The status information about the task.'."\n", 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The task status. Valid values:'."\n" ."\n" .'* InProgress: The task is running.'."\n" .'* Success: The task is successful.'."\n" .'* Failed: The task failed.'."\n", 'type' => 'string', 'example' => 'Success', 'title' => ''], 'TaskId' => ['description' => 'The task ID.'."\n", 'type' => 'string', 'example' => 't-shfqw1u1edszvxw5****', 'title' => ''], 'EndTime' => ['description' => 'The end time of the task.'."\n", 'type' => 'string', 'example' => '2021-11-05T02:58:08Z', 'title' => ''], 'TaskType' => ['description' => 'The task type. Valid values:'."\n" ."\n" .'* ProvisionAccessConfiguration: An access configuration is provisioned.'."\n" .'* DeprovisionAccessConfiguration: An access configuration is de-provisioned.'."\n" .'* CreateAccessAssignment: Access permissions on an account in the resource directory are assigned.'."\n" .'* DeleteAccessAssignment: Access permissions on an account in the resource directory are removed.'."\n", 'type' => 'string', 'example' => 'DeleteAccessAssignment', 'title' => ''], 'FailureReason' => ['description' => 'The cause of the task failure.'."\n" ."\n" .'> This parameter is returned only when the value of `Status` is `Failed`.'."\n", 'type' => 'string', 'example' => 'No Permission.', 'title' => ''], 'StartTime' => ['description' => 'The start time of the task.'."\n", 'type' => 'string', 'example' => '2021-11-05T02:58:07Z', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"005F4623-AE53-504D-830F-44825F7DC211\\",\\n \\"TaskStatus\\": {\\n \\"Status\\": \\"Success\\",\\n \\"TaskId\\": \\"t-shfqw1u1edszvxw5****\\",\\n \\"EndTime\\": \\"2021-11-05T02:58:08Z\\",\\n \\"TaskType\\": \\"DeleteAccessAssignment\\",\\n \\"FailureReason\\": \\"No Permission.\\",\\n \\"StartTime\\": \\"2021-11-05T02:58:07Z\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n 005F4623-AE53-504D-830F-44825F7DC211\\n \\n Success\\n t-shfqw1u1edszvxw5****\\n 2021-11-05T02:58:08Z\\n DeleteAccessAssignment\\n 2021-11-05T02:58:07Z\\n \\n","errorExample":""}]', 'title' => 'GetTaskStatus', 'summary' => 'Queries the status of an asynchronous task.', 'description' => 'You can call the GetTaskStatus operation to query the status of an asynchronous task. If you want to query more information about an asynchronous task, call the [GetTask](~~340670~~) operation.'."\n" ."\n" .'This topic provides an example on how to query the information about the task whose ID is `t-shfqw1u1edszvxw5****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetTaskStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetUser' => [ 'summary' => 'Queries the information about a user.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The user ID.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The CloudSSO directory ID.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'User' => [ 'description' => 'The information about the user.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the user. Valid values:'."\n" ."\n" .'- Enabled'."\n" ."\n" .'- Disabled', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'UserName' => ['description' => 'The username.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'Email' => ['description' => 'The email address of the user.', 'type' => 'string', 'example' => 'Alice@example.com', 'title' => ''], 'Description' => ['description' => 'The description of the user.', 'type' => 'string', 'example' => 'This is a user.', 'title' => ''], 'UserId' => ['description' => 'The ID of the user.', 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'FirstName' => ['description' => 'The first name of the user.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'CreateTime' => ['description' => 'The time when the user was created. The time is in UTC.', 'type' => 'string', 'example' => '2021-10-26T03:03:42Z', 'title' => ''], 'ProvisionType' => ['description' => 'The type of the user. Valid values:'."\n" ."\n" .'- Manual: The user was created manually.'."\n" ."\n" .'- Synchronized: The user was synchronized from an external IdP.', 'type' => 'string', 'example' => 'Manual', 'title' => ''], 'DisplayName' => ['description' => 'The display name of the user.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the user was last modified. The time is in UTC.', 'type' => 'string', 'example' => '2021-10-26T06:43:55Z', 'title' => ''], 'LastName' => ['description' => 'The last name of the user.', 'type' => 'string', 'example' => 'Lee', 'title' => ''], 'ExternalId' => [ 'description' => 'The information about the user identifier from an external IdP.', 'type' => 'object', 'properties' => [ 'Id' => ['description' => 'The user identifier from the external IdP.', 'type' => 'string', 'example' => 'c73******a5fdd5', 'title' => ''], 'Issuer' => ['description' => 'The channel for external user synchronization. Only SCIM synchronization is supported.', 'type' => 'string', 'example' => 'SCIM', 'title' => ''], ], 'title' => '', 'example' => '', ], 'Tags' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Key' => ['description' => 'The tag key.', 'type' => 'string', 'title' => '', 'example' => ''], 'Value' => ['description' => 'The tag value.', 'type' => 'string', 'title' => '', 'example' => ''], ], 'description' => 'The tag attached to the user.', 'title' => '', 'example' => '', ], 'description' => 'The tags attached to the user.', 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'EE42D2C4-A30A-59B7-ACEB-6D22FB44174A', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"User\\": {\\n \\"Status\\": \\"Enabled\\",\\n \\"UserName\\": \\"Alice\\",\\n \\"Email\\": \\"Alice@example.com\\",\\n \\"Description\\": \\"This is a user.\\",\\n \\"UserId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"FirstName\\": \\"Alice\\",\\n \\"CreateTime\\": \\"2021-10-26T03:03:42Z\\",\\n \\"ProvisionType\\": \\"Manual\\",\\n \\"DisplayName\\": \\"Alice\\",\\n \\"UpdateTime\\": \\"2021-10-26T06:43:55Z\\",\\n \\"LastName\\": \\"Lee\\",\\n \\"ExternalId\\": {\\n \\"Id\\": \\"c73******a5fdd5\\",\\n \\"Issuer\\": \\"SCIM\\"\\n },\\n \\"Tags\\": [\\n {\\n \\"Key\\": \\"\\",\\n \\"Value\\": \\"\\"\\n }\\n ]\\n },\\n \\"RequestId\\": \\"EE42D2C4-A30A-59B7-ACEB-6D22FB44174A\\"\\n}","type":"json"}]', 'title' => 'GetUser', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetUser'], ], ], ], 'GetUserId' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'autoTest' => false, 'notSupportAutoTestReason' => '当前镇元能力不支持,http调用步骤不支持在header中引用步骤出参'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'ExternalId', 'in' => 'query', 'style' => 'json', 'schema' => [ 'description' => 'The identifier information about the user that is synchronized from an external identity provider (IdP).', 'type' => 'object', 'properties' => [ 'Id' => ['description' => 'The identifier of the user that is synchronized from an external IdP.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'c73******a5fdd5', 'title' => ''], 'Issuer' => ['description' => 'The method for external identity synchronization. Only System for Cross-domain Identity Management (SCIM) synchronization is supported.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'SCIM', 'title' => ''], ], 'required' => true, 'docRequired' => true, 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'A3A41736-A050-50B6-ABC5-590F376A0044', 'title' => ''], 'UserId' => ['description' => 'The ID of the CloudSSO user.', 'type' => 'string', 'example' => 'u-d8d1iox****', 'title' => ''], ], 'description' => '', 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'GetUserId', 'summary' => 'Queries the ID of a user in a resource directory by using the ExternalId parameter.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetUserId'], ], ], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserId', 'authLevel' => 'operate', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/*'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"A3A41736-A050-50B6-ABC5-590F376A0044\\",\\n \\"UserId\\": \\"u-d8d1iox****\\"\\n}","type":"json"}]', ], 'GetUserMFAAuthenticationSettings' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameter.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '5B598B62-85E6-5792-9DF1-246D251B07DA', 'title' => ''], 'UserMFAAuthenticationSettings' => ['description' => 'Indicates whether MFA is enabled for the user. Valid values:'."\n" ."\n" .'* Enabled'."\n" .'* Disabled'."\n", 'type' => 'string', 'example' => 'Enabled', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"5B598B62-85E6-5792-9DF1-246D251B07DA\\",\\n \\"UserMFAAuthenticationSettings\\": \\"Enabled\\"\\n}","errorExample":""},{"type":"xml","example":"\\n Enabled\\n 5B598B62-85E6-5792-9DF1-246D251B07DA\\n","errorExample":""}]', 'title' => 'GetUserMFAAuthenticationSettings', 'summary' => 'Queries the multi-factor authentication (MFA) setting of a single user.', 'description' => 'This topic provides an example on how to query the MFA setting of the user named `u-00q8wbq42wiltcrk****`. The returned result shows that MFA is enabled for the user.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserMFAAuthenticationSettings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], ], 'GetUserProvisioning' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '154714', 'abilityTreeNodes' => ['FEATUREram8EN4H0'], ], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-003qew84****', 'title' => ''], ], [ 'name' => 'UserProvisioningId', 'in' => 'query', 'schema' => ['description' => 'The ID of the RAM user provisioning.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.'."\n", 'type' => 'object', 'properties' => [ 'UserProvisioning' => [ 'description' => 'The information about the RAM user provisioning.'."\n", 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the RAM user provisioning. Valid values:'."\n" ."\n" .'* Enabled'."\n" .'* Disabled'."\n", 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'Description' => ['description' => 'The description.'."\n", 'type' => 'string', 'example' => 'This is a user provisioning.', 'title' => ''], 'UserProvisioningId' => ['description' => 'The ID of the RAM user provisioning.'."\n", 'type' => 'string', 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], 'PrincipalId' => ['description' => 'The identity ID of the RAM user provisioning. Valid values:'."\n" ."\n" .'* If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\*\\*\\*\\*\\*\\*\\*\\*).'."\n" .'* If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\*\\*\\*\\*\\*\\*\\*\\*).'."\n", 'type' => 'string', 'example' => 'g-02ha881d*****', 'title' => ''], 'TargetPath' => ['description' => 'The path of the resource directory in which you create the RAM user provisioning for the member.'."\n", 'type' => 'string', 'example' => 'rd-******/root/test**', 'title' => ''], 'UpdateTime' => ['description' => 'The modification time.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DuplicationStrategy' => ['description' => 'The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:'."\n" ."\n" .'* KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.'."\n" .'* TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.'."\n", 'type' => 'string', 'example' => 'KeepBoth', 'title' => ''], 'DeletionStrategy' => ['description' => 'The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:'."\n" ."\n" .'* Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.'."\n" .'* Keep: When you delete the RAM user provisioning, the system retains the synchronized users.'."\n", 'type' => 'string', 'example' => 'Delete', 'title' => ''], 'PrincipalName' => ['description' => 'The identity name of the RAM user provisioning. Valid values:'."\n" ."\n" .'* If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.'."\n" .'* If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.'."\n", 'type' => 'string', 'example' => 'testGroupName', 'title' => ''], 'TargetName' => ['description' => 'The name of the object for which you create the RAM user provisioning. The value is fixed as the name of the member in the resource directory.'."\n", 'type' => 'string', 'example' => 'testRdMember', 'title' => ''], 'TargetId' => ['description' => 'The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the member in the resource directory.'."\n", 'type' => 'string', 'example' => '1743382******', 'title' => ''], 'CreateTime' => ['description' => 'The creation time.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'example' => 'd-003qew84****', 'title' => ''], 'OwnerPk' => ['description' => 'The ID of the Alibaba Cloud account to which the resource directory belongs.'."\n", 'type' => 'string', 'example' => '1639738******', 'title' => ''], 'TargetType' => ['description' => 'The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.'."\n", 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'PrincipalType' => ['description' => 'The identity type of the RAM user provisioning. Valid values:'."\n" ."\n" .'* User: indicates that the identity of the RAM user provisioning is a CloudSSO user.'."\n" .'* Group: indicates that the identity of the RAM user provisioning is a CloudSSO user group.'."\n", 'type' => 'string', 'example' => 'Group', 'title' => ''], ], 'title' => '', ], 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'F6F90F3D-4502-5877-B80B-97476F6AE2CC', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"UserProvisioning\\": {\\n \\"Status\\": \\"Enabled\\",\\n \\"Description\\": \\"This is a user provisioning.\\",\\n \\"UserProvisioningId\\": \\"up-002axzhapcbz6e63****\\",\\n \\"PrincipalId\\": \\"g-02ha881d*****\\",\\n \\"TargetPath\\": \\"rd-******/root/test**\\",\\n \\"UpdateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DuplicationStrategy\\": \\"KeepBoth\\",\\n \\"DeletionStrategy\\": \\"Delete\\",\\n \\"PrincipalName\\": \\"testGroupName\\",\\n \\"TargetName\\": \\"testRdMember\\",\\n \\"TargetId\\": \\"1743382******\\",\\n \\"CreateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DirectoryId\\": \\"d-003qew84****\\",\\n \\"OwnerPk\\": \\"1639738******\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"PrincipalType\\": \\"Group\\"\\n },\\n \\"RequestId\\": \\"F6F90F3D-4502-5877-B80B-97476F6AE2CC\\"\\n}","errorExample":""},{"type":"xml","example":"","errorExample":""}]', 'title' => 'GetUserProvisioning', 'summary' => 'Queries a Resource Access Management (RAM) user provisioning.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserProvisioning', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ], ], ], ], ], 'GetUserProvisioningConfiguration' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '66898413-EB80-556D-9429-06FE3548F672', 'title' => ''], 'UserProvisioningConfiguration' => [ 'description' => 'The global configurations of the RAM user provisioning.'."\n", 'type' => 'object', 'properties' => [ 'SessionDuration' => ['description' => 'The duration of the logon session.'."\n" ."\n" .'Unit: hours.'."\n" ."\n" .'Valid values: 1 to 24.'."\n" ."\n" .'Default value: 6.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], 'CreateTime' => ['description' => 'The creation time.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'DefaultLandingPage' => ['description' => 'The default URL for a CloudSSO user who logs on to the Alibaba Cloud Management Console.'."\n" ."\n" .'Default value: https://homenew.console.aliyun.com.'."\n", 'type' => 'string', 'example' => 'https://homenew.console.aliyun.com', 'title' => ''], 'UpdateTime' => ['description' => 'The modification time.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"66898413-EB80-556D-9429-06FE3548F672\\",\\n \\"UserProvisioningConfiguration\\": {\\n \\"SessionDuration\\": 10,\\n \\"CreateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"DefaultLandingPage\\": \\"https://homenew.console.aliyun.com\\",\\n \\"UpdateTime\\": \\"2022-11-28T03:55:42Z\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n 66898413-EB80-556D-9429-06FE3548F672\\n \\n 10\\n 2022-11-28T03:55:42Z\\n 2022-11-28T03:55:42Z\\n d-00fc2p61****\\n https://home.console.aliyun.com/home/dashboard/ProductAndService\\n -\\n 2022-11-28T03:55:42Z\\n 2022-11-28T03:55:42Z\\n \\n","errorExample":""}]', 'title' => 'GetUserProvisioningConfiguration', 'summary' => 'Queries the global configurations of a Resource Access Management (RAM) user provisioning.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserProvisioningConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'GetUserProvisioningEvent' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'EventId', 'in' => 'query', 'schema' => ['description' => 'The ID of the RAM user provisioning event.'."\n" ."\n" .'You can call the [ListUserProvisioningEvents](~~2636305~~) operation to query the value of `EventId`.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'upe-wjKyNDmZvyZOiRcJ****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-003qew84****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'B801715C-97EA-3067-AC97-EF1EBECBB39C', 'title' => ''], 'UserProvisioningEvent' => [ 'description' => 'The RAM user provisioning event.'."\n", 'type' => 'object', 'properties' => [ 'UserProvisioningId' => ['description' => 'The ID of the RAM user provisioning event.'."\n", 'type' => 'string', 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], 'PrincipalId' => ['description' => 'The identity ID of the RAM user provisioning. Valid values:'."\n" ."\n" .'* If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\*\\*\\*\\*\\*\\*\\*\\*).'."\n" .'* If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\*\\*\\*\\*\\*\\*\\*\\*).'."\n", 'type' => 'string', 'example' => 'g-02ha881d*****', 'title' => ''], 'TargetPath' => ['description' => 'The path of the resource directory in which you create the RAM user provisioning for the object.'."\n", 'type' => 'string', 'example' => 'rd-******/root/test**', 'title' => ''], 'ErrorInfo' => ['description' => 'The error message that is displayed when the last execution of the RAM user provisioning event failed.'."\n", 'type' => 'string', 'example' => 'OperationConflict.UserProvisioning.Process.fail.ImsUserExists', 'title' => ''], 'SourceType' => ['description' => 'The type of the source operation. Valid values:'."\n" ."\n" .'* StartProvisioning: enables the RAM user provisioning.'."\n" .'* DeleteProvisioning: deletes the RAM user provisioning.'."\n" .'* AddUserToGroup: adds a user to a user group.'."\n" .'* RemoveUserFromGroup: removes a user from a user group.'."\n" .'* UserProvisioningDeletionClearing: deletes the RAM user provisioning and clears resources in the background.'."\n", 'type' => 'string', 'example' => 'AddUserToGroup', 'title' => ''], 'UpdateTime' => ['description' => 'The modification time. The time is displayed in UTC.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DuplicationStrategy' => ['description' => 'The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:'."\n" ."\n" .'* KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.'."\n" .'* TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.'."\n", 'type' => 'string', 'example' => 'KeepBoth', 'title' => ''], 'DeletionStrategy' => ['description' => 'The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:'."\n" ."\n" .'* Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.'."\n" .'* Keep: When you delete the RAM user provisioning, the system retains the synchronized users.'."\n", 'type' => 'string', 'example' => 'Delete', 'title' => ''], 'PrincipalName' => ['description' => 'The identity name of the RAM user provisioning. Valid values:'."\n" ."\n" .'* If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.'."\n" .'* If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.'."\n", 'type' => 'string', 'example' => 'exampleGroupName', 'title' => ''], 'TargetName' => ['description' => 'The name of the object for which you create the RAM user provisioning.'."\n" ."\n" .'The value is fixed as the name of the member in the resource directory.````'."\n", 'type' => 'string', 'example' => 'exampleRdMember', 'title' => ''], 'ErrorCount' => ['description' => 'The number of execution failures.'."\n", 'type' => 'integer', 'format' => 'int64', 'example' => '3', 'title' => ''], 'TargetId' => ['description' => 'The ID of the object for which you create the RAM user provisioning.'."\n" ."\n" .'The value is fixed as the ID of the member in the resource directory.````'."\n", 'type' => 'string', 'example' => '1743382******', 'title' => ''], 'CreateTime' => ['description' => 'The creation time. The time is displayed in UTC.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'example' => 'd-003qew84****', 'title' => ''], 'TargetType' => ['description' => 'The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.'."\n", 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'EventId' => ['description' => 'The ID of the RAM user provisioning event.'."\n", 'type' => 'string', 'example' => 'upe-wjKyNDmZvyZOiRcJ****', 'title' => ''], 'PrincipalType' => ['description' => 'The identity type of the RAM user provisioning. Valid values:'."\n" ."\n" .'* User: The identity of the RAM user provisioning is a CloudSSO user.'."\n" .'* Group: The identity of the RAM user provisioning is a CloudSSO user group.'."\n", 'type' => 'string', 'example' => 'Group', 'title' => ''], 'LatestAsyncTime' => ['description' => 'The time at which the RAM user provisioning event was last executed. The time is displayed in UTC.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"B801715C-97EA-3067-AC97-EF1EBECBB39C\\",\\n \\"UserProvisioningEvent\\": {\\n \\"UserProvisioningId\\": \\"up-002axzhapcbz6e63****\\",\\n \\"PrincipalId\\": \\"g-02ha881d*****\\",\\n \\"TargetPath\\": \\"rd-******/root/test**\\",\\n \\"ErrorInfo\\": \\"OperationConflict.UserProvisioning.Process.fail.ImsUserExists\\",\\n \\"SourceType\\": \\"AddUserToGroup\\",\\n \\"UpdateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DuplicationStrategy\\": \\"KeepBoth\\",\\n \\"DeletionStrategy\\": \\"Delete\\",\\n \\"PrincipalName\\": \\"exampleGroupName\\",\\n \\"TargetName\\": \\"exampleRdMember\\",\\n \\"ErrorCount\\": 3,\\n \\"TargetId\\": \\"1743382******\\",\\n \\"CreateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DirectoryId\\": \\"d-003qew84****\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"EventId\\": \\"upe-wjKyNDmZvyZOiRcJ****\\",\\n \\"PrincipalType\\": \\"Group\\",\\n \\"LatestAsyncTime\\": \\"2022-11-28T03:55:42Z\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n 69A4AB33-****-****-****-29AA0B56****\\n \\n up-002axzhapcbz6e63****\\n g-02ha881d*****\\n /\\n AddUserToGroup\\n 2022-11-28T03:55:42Z\\n 2022-11-28T03:55:42Z\\n KeepBoth\\n Delete\\n testRdMember\\n testGroupName\\n 3\\n 1743382******\\n 2022-11-28T03:55:42Z\\n 2022-11-28T03:55:42Z\\n d-003qew84****\\n RD-Account\\n upe-wjKyNDmZvyZOiRcJ****\\n Group\\n 2022-11-28T03:55:42Z\\n \\n","errorExample":""}]', 'title' => 'GetUserProvisioningEvent', 'summary' => 'Queries the information about a Resource Access Management (RAM) user provisioning.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserProvisioningEvent', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ], ], ], ], ], 'GetUserProvisioningRdAccountStatistics' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-003qew84****', 'title' => ''], ], [ 'name' => 'RdMemberId', 'in' => 'query', 'schema' => ['description' => 'The ID of the member in the resource directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => '1743382******', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.'."\n", 'type' => 'object', 'properties' => [ 'UserProvisioningStatistics' => [ 'description' => 'The statistics of the RAM user provisioning.'."\n", 'type' => 'object', 'properties' => [ 'EntityId' => ['description' => 'The entity ID, which is the ID of the member in the resource directory.'."\n", 'type' => 'string', 'example' => '1743382******', 'title' => ''], 'Type' => ['description' => 'The entity type. The value is fixed as `RD Account`.'."\n", 'type' => 'string', 'example' => 'RD Account', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'example' => 'd-003qew84****', 'title' => ''], 'FailedEventCount' => ['description' => 'The number of failed RAM user provisioning events.'."\n", 'type' => 'integer', 'format' => 'int64', 'example' => '4', 'title' => ''], 'OwnerPk' => ['description' => 'The ID of the Alibaba Cloud account to which the resource directory belongs.'."\n", 'type' => 'string', 'example' => '1639738******', 'title' => ''], 'LatestAsyncTime' => ['description' => 'The time when the RAM user provisioning was last performed.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], ], 'title' => '', ], 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'F6F90F3D-4502-5877-B80B-97476F6AE2CC', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"UserProvisioningStatistics\\": {\\n \\"EntityId\\": \\"1743382******\\",\\n \\"Type\\": \\"RD Account\\",\\n \\"DirectoryId\\": \\"d-003qew84****\\",\\n \\"FailedEventCount\\": 4,\\n \\"OwnerPk\\": \\"1639738******\\",\\n \\"LatestAsyncTime\\": \\"2022-11-28T03:55:42Z\\"\\n },\\n \\"RequestId\\": \\"F6F90F3D-4502-5877-B80B-97476F6AE2CC\\"\\n}","errorExample":""},{"type":"xml","example":"\\n \\n 1743382******\\n RD-Account\\n d-003qew84****\\n 4\\n 1639738******\\n 2022-11-28T03:55:42Z\\n \\n 69A4AB33-****-****-****-29AA0B56****\\n","errorExample":""}]', 'title' => 'GetUserProvisioningRdAccountStatistics', 'summary' => 'Queries statistics of Resource Access Management (RAM) user provisioning events that are created for the member in a resource directory.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserProvisioningRdAccountStatistics', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/{#AccountId}'], ], ], ], ], ], 'GetUserProvisioningStatistics' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'get', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-003qew84****', 'title' => ''], ], [ 'name' => 'UserProvisioningId', 'in' => 'query', 'schema' => ['description' => 'The ID of the RAM user provisioning.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.'."\n", 'type' => 'object', 'properties' => [ 'UserProvisioningStatistics' => [ 'description' => 'The statistics of the RAM user provisioning.'."\n", 'type' => 'object', 'properties' => [ 'EntityId' => ['description' => 'The entity ID, which is the ID of the RAM user provisioning.'."\n", 'type' => 'string', 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], 'Type' => ['description' => 'The entity type. The value is fixed as `User Provisioning`.'."\n", 'type' => 'string', 'example' => 'User Provisioning', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'example' => 'd-003qew84****', 'title' => ''], 'FailedEventCount' => ['description' => 'The number of failed RAM user provisioning events that are associated with the RAM user provisioning.'."\n", 'type' => 'integer', 'format' => 'int64', 'example' => '3', 'title' => ''], 'OwnerPk' => ['description' => 'The ID of the Alibaba Cloud account to which the resource directory belongs.'."\n", 'type' => 'string', 'example' => '139665787317****', 'title' => ''], 'LatestAsyncTime' => ['description' => 'The time when the RAM user provisioning was last performed.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], ], 'title' => '', ], 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'F6F90F3D-4502-5877-B80B-97476F6AE2CC', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"UserProvisioningStatistics\\": {\\n \\"EntityId\\": \\"up-002axzhapcbz6e63****\\",\\n \\"Type\\": \\"User Provisioning\\",\\n \\"DirectoryId\\": \\"d-003qew84****\\",\\n \\"FailedEventCount\\": 3,\\n \\"OwnerPk\\": \\"139665787317****\\",\\n \\"LatestAsyncTime\\": \\"2022-11-28T03:55:42Z\\"\\n },\\n \\"RequestId\\": \\"F6F90F3D-4502-5877-B80B-97476F6AE2CC\\"\\n}","errorExample":""},{"type":"xml","example":"\\n \\n up-002axzhapcbz6e63****\\n User Provisioning\\n d-003qew84****\\n 3\\n 139665787317****\\n 2022-11-28T03:55:42Z\\n \\n 69A4AB33-****-****-****-29AA0B56****\\n","errorExample":""}]', 'title' => 'GetUserProvisioningStatistics', 'summary' => 'Queries the statistics of a Resource Access Management (RAM) user provisioning.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserProvisioningStatistics', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ], ], ], ], ], 'ListAccessAssignments' => [ 'summary' => 'Queries the access permissions that are assigned.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The directory ID.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration. The ID can be used to filter access permissions.', 'type' => 'string', 'required' => false, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'TargetType', 'in' => 'query', 'schema' => ['description' => 'The type of the task object. The type can be used to filter access permissions.'."\n" ."\n" .'Set the value to RD-Account, which specifies the accounts in the resource directory.'."\n" ."\n" .'> You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', 'type' => 'string', 'required' => false, 'example' => 'RD-Account', 'title' => ''], ], [ 'name' => 'TargetId', 'in' => 'query', 'schema' => ['description' => 'The ID of the task object. The ID can be used to filter access permissions.'."\n" ."\n" .'> You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', 'type' => 'string', 'required' => false, 'example' => '114240524784****', 'title' => ''], ], [ 'name' => 'PrincipalType', 'in' => 'query', 'schema' => ['description' => 'The type of the CloudSSO identity. The type can be used to filter access permissions. Valid values:'."\n" ."\n" .'- User'."\n" ."\n" .'- Group'."\n" ."\n" .'> You can use the type to filter access permissions only if you specify both PrincipalId and `PrincipalType`.\\`\\`', 'type' => 'string', 'required' => false, 'example' => 'User', 'title' => ''], ], [ 'name' => 'PrincipalId', 'in' => 'query', 'schema' => ['description' => 'The ID of the CloudSSO identity. The ID can be used to filter access permissions.'."\n" ."\n" .'- If you set `PrincipalType` to User, set `PrincipalId` to the ID of the CloudSSO user.'."\n" ."\n" .'- If you set `PrincipalType` to Group, set `PrincipalId` to the ID of the CloudSSO group.'."\n" ."\n" .'> You can use the type to filter access permissions only if you specify both PrincipalId and `PrincipalType`.\\`\\`', 'type' => 'string', 'required' => false, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'NextToken', 'in' => 'query', 'schema' => ['description' => 'The pagination token that is used in the next request to retrieve a new page of results. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.'."\n" ."\n" .'When you call this operation for the first time, if the total number of entries to return exceeds the value of `MaxResults`, the entries are truncated. Only the entries that match the value of `MaxResults` are returned, and the excess entries are not returned. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', 'type' => 'string', 'required' => false, 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], ], [ 'name' => 'MaxResults', 'in' => 'query', 'schema' => ['description' => 'The maximum number of entries per page.'."\n" ."\n" .'Valid values: 1 to 20.'."\n" ."\n" .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.', 'type' => 'object', 'properties' => [ 'NextToken' => ['description' => 'The returned value of NextToken is a pagination token, which can be used in the next request to retrieve a new page of results.'."\n" ."\n" .'> This parameter is returned only when the value of IsTruncated is `true`.\\`\\`', 'type' => 'string', 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '66898413-EB80-556D-9429-06FE3548F672', 'title' => ''], 'MaxResults' => ['description' => 'The maximum number of entries returned per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], 'IsTruncated' => ['description' => 'Indicates whether the queried entries are truncated. Valid values:'."\n" ."\n" .'- true'."\n" ."\n" .'- false', 'type' => 'boolean', 'example' => 'false', 'title' => ''], 'AccessAssignments' => [ 'description' => 'The access permissions that are assigned.', 'type' => 'array', 'items' => [ 'description' => '', 'type' => 'object', 'properties' => [ 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'ECS-Admin', 'title' => ''], 'TargetPathName' => ['description' => 'The path name of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/root/dev-test', 'title' => ''], 'PrincipalId' => ['description' => 'The ID of the CloudSSO identity.', 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'TargetPath' => ['description' => 'The path ID of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/r-Wm****/114240524784****', 'title' => ''], 'CreateTime' => ['description' => 'The time when the access permissions were assigned.', 'type' => 'string', 'example' => '2021-11-04T10:03:08Z', 'title' => ''], 'TargetType' => ['description' => 'The type of the task object.'."\n" ."\n" .'The value is fixed as RD-Account, which indicates the accounts in the resource directory.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'PrincipalName' => ['description' => 'The name of the CloudSSO identity.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'TargetName' => ['description' => 'The name of the task object.', 'type' => 'string', 'example' => 'dev-test', 'title' => ''], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], 'PrincipalType' => ['description' => 'The type of the CloudSSO identity. Valid values:'."\n" ."\n" .'- User'."\n" ."\n" .'- Group', 'type' => 'string', 'example' => 'User', 'title' => ''], 'TargetId' => ['description' => 'The ID of the task object.', 'type' => 'string', 'example' => '114240524784****', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"NextToken\\": \\"K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****\\",\\n \\"RequestId\\": \\"66898413-EB80-556D-9429-06FE3548F672\\",\\n \\"MaxResults\\": 10,\\n \\"TotalCounts\\": 1,\\n \\"IsTruncated\\": false,\\n \\"AccessAssignments\\": [\\n {\\n \\"AccessConfigurationName\\": \\"ECS-Admin\\",\\n \\"TargetPathName\\": \\"rd-3G****/root/dev-test\\",\\n \\"PrincipalId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"TargetPath\\": \\"rd-3G****/r-Wm****/114240524784****\\",\\n \\"CreateTime\\": \\"2021-11-04T10:03:08Z\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"PrincipalName\\": \\"Alice\\",\\n \\"TargetName\\": \\"dev-test\\",\\n \\"AccessConfigurationId\\": \\"ac-00jhtfl8thteu6uj****\\",\\n \\"PrincipalType\\": \\"User\\",\\n \\"TargetId\\": \\"114240524784****\\"\\n }\\n ]\\n}","type":"json"}]', 'title' => 'ListAccessAssignments', 'description' => 'This topic provides an example on how to query the assigned access permissions on the account `114240524784****` in your resource directory. The returned result shows that access permissions on the account in your resource directory is assigned to one user.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListAccessAssignments', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], ], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListAccessAssignments'], ], ], ], 'ListAccessConfigurationProvisionings' => [ 'summary' => 'Queries the access configurations that are provisioned.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration. The ID can be used to filter access permissions.', 'type' => 'string', 'required' => false, 'example' => 'ac-00ccule7tadaijxc****', 'title' => ''], ], [ 'name' => 'TargetType', 'in' => 'query', 'schema' => ['description' => 'The type of the task object. The type can be used to filter access permissions.'."\n" ."\n" .'Set the value to RD-Account, which specifies the accounts in the resource directory.'."\n" ."\n" .'> You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', 'type' => 'string', 'required' => false, 'example' => 'RD-Account', 'title' => ''], ], [ 'name' => 'TargetId', 'in' => 'query', 'schema' => ['description' => 'The ID of the task object. The ID can be used to filter access permissions.'."\n" ."\n" .'> You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', 'type' => 'string', 'required' => false, 'example' => '114240524784****', 'title' => ''], ], [ 'name' => 'ProvisioningStatus', 'in' => 'query', 'schema' => ['description' => 'The status of the access configuration. The value can be used to filter accounts. Valid values:'."\n" ."\n" .'- Provisioned: The access configuration is provisioned.'."\n" ."\n" .'- ReprovisionRequired: The access configuration needs to be re-provisioned.'."\n" ."\n" .'- DeprovisionFailed: The access configuration failed to be provisioned.', 'type' => 'string', 'required' => false, 'example' => 'Provisioned', 'title' => ''], ], [ 'name' => 'NextToken', 'in' => 'query', 'schema' => ['description' => 'The returned value of NextToken is a pagination token, which can be used in the next request to retrieve a new page of results. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.'."\n" ."\n" .'When you call this operation for the first time, if the total number of entries to return exceeds the value of `MaxResults`, the entries are truncated. Only the entries that match the value of `MaxResults` are returned, and the excess entries are not returned. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', 'type' => 'string', 'required' => false, 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], ], [ 'name' => 'MaxResults', 'in' => 'query', 'schema' => ['description' => 'The maximum number of entries per page.'."\n" ."\n" .'Valid values: 1 to 20.'."\n" ."\n" .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.', 'type' => 'object', 'properties' => [ 'NextToken' => ['description' => 'The returned value of NextToken is a pagination token, which can be used in the next request to retrieve a new page of results.'."\n" ."\n" .'> This parameter is returned only when the value of `IsTruncated` is `true`.', 'type' => 'string', 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '6BA1BDF1-D845-5D2C-B742-74BE2970E4C1', 'title' => ''], 'AccessConfigurationProvisionings' => [ 'description' => 'The accounts for which the access configuration is provisioned.', 'type' => 'array', 'items' => [ 'description' => '', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the access configuration. Valid values:'."\n" ."\n" .'- Provisioned: The access configuration is provisioned.'."\n" ."\n" .'- ReprovisionRequired: The access configuration needs to be re-provisioned.'."\n" ."\n" .'- DeprovisionFailed: The access configuration failed to be provisioned.', 'type' => 'string', 'example' => 'Provisioned', 'title' => ''], 'SAMLProviderName' => ['description' => 'The name of the Security Assertion Markup Language (SAML) identity provider (IdP) that is created within an account in the resource directory.', 'type' => 'string', 'example' => 'AliyunReservedSSO-d-00fc2p61****', 'title' => ''], 'TargetPath' => ['description' => 'The path ID of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/r-Wm****/fd-pjM8oy****/101522521960****', 'title' => ''], 'CreateTime' => ['description' => 'The first time when the access configuration was provisioned.', 'type' => 'string', 'example' => '2021-07-26T08:54:14Z', 'title' => ''], 'TargetName' => ['description' => 'The name of the task object.', 'type' => 'string', 'example' => 'SharedServices_5009****', 'title' => ''], 'TargetId' => ['description' => 'The ID of the task object.'."\n" ."\n" .'If the value of TargetType is `RD-Account`, the value of this parameter is the UID of an account in the resource directory.', 'type' => 'string', 'example' => '101522521960****', 'title' => ''], 'RAMRoleName' => ['description' => 'The name of the RAM role that is created for an account in the resource directory.', 'type' => 'string', 'example' => 'AliyunReservedSSO-VPC-Admin', 'title' => ''], 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'VPC-Admin', 'title' => ''], 'TargetPathName' => ['description' => 'The path name of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/root/Core/SharedServices_5009****', 'title' => ''], 'TargetType' => ['description' => 'The type of the task object.'."\n" ."\n" .'Set the value to RD-Account, which specifies the accounts in the resource directory.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'UpdateTime' => ['description' => 'The last time when the access configuration was provisioned.', 'type' => 'string', 'example' => '2021-07-26T08:54:18Z', 'title' => ''], 'RAMPolicyNames' => [ 'description' => 'The name of the custom policy that is created for an account in the resource directory.', 'type' => 'array', 'items' => ['description' => 'The name of the custom policy that is created for an account in the resource directory.'."\n" ."\n" .'> This parameter is returned only if an inline policy is created for the access configuration.', 'type' => 'string', 'example' => 'AliyunReservedSSO-VPC-Admin-InlinePolicy', 'title' => ''], 'title' => '', 'example' => '', ], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00ccule7tadaijxc****', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], 'MaxResults' => ['description' => 'The maximum number of entries returned per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], 'IsTruncated' => ['description' => 'Indicates whether the queried entries are truncated. Valid values:'."\n" ."\n" .'- true'."\n" ."\n" .'- false', 'type' => 'boolean', 'example' => 'false', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"NextToken\\": \\"K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****\\",\\n \\"RequestId\\": \\"6BA1BDF1-D845-5D2C-B742-74BE2970E4C1\\",\\n \\"AccessConfigurationProvisionings\\": [\\n {\\n \\"Status\\": \\"Provisioned\\",\\n \\"SAMLProviderName\\": \\"AliyunReservedSSO-d-00fc2p61****\\",\\n \\"TargetPath\\": \\"rd-3G****/r-Wm****/fd-pjM8oy****/101522521960****\\",\\n \\"CreateTime\\": \\"2021-07-26T08:54:14Z\\",\\n \\"TargetName\\": \\"SharedServices_5009****\\",\\n \\"TargetId\\": \\"101522521960****\\",\\n \\"RAMRoleName\\": \\"AliyunReservedSSO-VPC-Admin\\",\\n \\"AccessConfigurationName\\": \\"VPC-Admin\\",\\n \\"TargetPathName\\": \\"rd-3G****/root/Core/SharedServices_5009****\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"UpdateTime\\": \\"2021-07-26T08:54:18Z\\",\\n \\"RAMPolicyNames\\": [\\n \\"AliyunReservedSSO-VPC-Admin-InlinePolicy\\"\\n ],\\n \\"AccessConfigurationId\\": \\"ac-00ccule7tadaijxc****\\"\\n }\\n ],\\n \\"MaxResults\\": 10,\\n \\"IsTruncated\\": false,\\n \\"TotalCounts\\": 2\\n}","type":"json"}]', 'title' => 'ListAccessConfigurationProvisionings', 'description' => 'This topic provides an example on how to query the accounts for which the access permission `ac-00ccule7tadaijxc****` is provisioned. The returned result shows that the access configuration is provisioned for two accounts in your resource directory.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListAccessConfigurationProvisionings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/*'], ], ], ], ], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListAccessConfigurationProvisionings'], ], ], ], 'ListAccessConfigurations' => [ 'summary' => 'Queries a list of access configurations.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the folder.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'NextToken', 'in' => 'query', 'schema' => ['description' => 'The pagination token that is used in the next request to retrieve a new page of results. You do not need to specify this parameter for the first request.'."\n" ."\n" .'If the number of results exceeds the value of `MaxResults`, the response is truncated. The `IsTruncated` parameter is set to `true`, and a `NextToken` is returned. You can use the `NextToken` in a subsequent request with the same parameters to retrieve the next page of results. Repeat this process until `IsTruncated` is `false` to query all results.', 'type' => 'string', 'required' => false, 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], ], [ 'name' => 'MaxResults', 'in' => 'query', 'schema' => ['description' => 'The maximum number of entries to return on each page.'."\n" ."\n" .'Valid values: 1 to 100.'."\n" ."\n" .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], [ 'name' => 'Filter', 'in' => 'query', 'schema' => ['description' => 'The filter condition.'."\n" ."\n" .'The format is ` ` . The filter is not case-sensitive. The `` only supports `AccessConfigurationName`. The `` only supports `eq` (equal to) and `sw` (starts with).'."\n" ."\n" .'Examples:'."\n" ."\n" .'If you configure this parameter to `AccessConfigurationName sw test`, the system queries all access configurations whose names start with `test`. If you configure this parameter to `AccessConfigurationName eq TestAccessConfiguration`, the system queries the access configuration named `TestAccessConfiguration`.', 'type' => 'string', 'required' => false, 'example' => 'AccessConfigurationName sw test', 'title' => ''], ], [ 'name' => 'StatusNotifications', 'in' => 'query', 'schema' => ['description' => 'The status notification, which is used as a filter condition.'."\n" ."\n" .'A value of ReprovisionRequired returns only the access configurations that need to be reprovisioned.', 'type' => 'string', 'required' => false, 'example' => 'ReprovisionRequired', 'title' => ''], ], [ 'name' => 'Tags', 'in' => 'query', 'style' => 'repeatList', 'schema' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Key' => ['description' => 'The tag key.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => ''], 'Value' => ['description' => 'The tag value.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => ''], ], 'required' => false, 'description' => 'The tag attached to the access configuration.', 'title' => '', 'example' => '', ], 'required' => false, 'maxItems' => 21, 'description' => 'The tags attached to the access configuration.', 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'AccessConfigurations' => [ 'description' => 'The list of access configurations.', 'type' => 'array', 'items' => [ 'description' => 'The details of the access configuration.', 'type' => 'object', 'properties' => [ 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'ECS-Admin', 'title' => ''], 'SessionDuration' => ['description' => 'The session duration.'."\n" ."\n" .'The maximum session duration for a CloudSSO user who uses the access configuration to access an account in your resource directory.'."\n" ."\n" .'Unit: seconds.', 'type' => 'integer', 'format' => 'int32', 'example' => '900', 'title' => ''], 'Description' => ['description' => 'The description of the access configuration.', 'type' => 'string', 'example' => 'This is an access configuration.', 'title' => ''], 'RelayState' => ['description' => 'The initial access page.'."\n" ."\n" .'This is the page that a CloudSSO user is redirected to after they uses the access configuration to access an account in your resource directory.', 'type' => 'string', 'example' => 'https://cloudsso.console.aliyun.com', 'title' => ''], 'CreateTime' => ['description' => 'The time when the access configuration was created.', 'type' => 'string', 'example' => '2021-11-02T08:44:23Z', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the access configuration was last modified.', 'type' => 'string', 'example' => '2021-11-02T08:44:23Z', 'title' => ''], 'StatusNotifications' => [ 'description' => 'The status notifications.', 'type' => 'array', 'items' => ['description' => 'The status notification. Valid values:'."\n" ."\n" .'- Empty: No status notification was generated.'."\n" ."\n" .'- ReprovisionRequired: The access configuration needs to be reprovisioned.', 'type' => 'string', 'example' => 'ReprovisionRequired', 'title' => ''], 'title' => '', 'example' => '', ], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], 'Tags' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Key' => ['description' => 'The tag key.', 'type' => 'string', 'title' => '', 'example' => ''], 'Value' => ['description' => 'The tag value.', 'type' => 'string', 'title' => '', 'example' => ''], ], 'description' => 'The tag attached to the access configuration.', 'title' => '', 'example' => '', ], 'description' => 'The tags attached to the access configuration.', 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], 'NextToken' => ['description' => 'A pagination token. It can be used in the next request to retrieve a new page of results.'."\n" ."\n" .'> This parameter is returned only when `IsTruncated` is set to `true`.', 'type' => 'string', 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '2BC0CBAC-45E1-5BD3-BF6E-F69D1D5391C2', 'title' => ''], 'MaxResults' => ['description' => 'The maximum number of entries returned per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries that meet the filter conditions.', 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''], 'IsTruncated' => ['description' => 'Indicates whether the response is truncated. Valid values:'."\n" ."\n" .'- true: The response was truncated.'."\n" ."\n" .'- false: The response was not truncated.', 'type' => 'boolean', 'example' => 'false', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"AccessConfigurations\\": [\\n {\\n \\"AccessConfigurationName\\": \\"ECS-Admin\\",\\n \\"SessionDuration\\": 900,\\n \\"Description\\": \\"This is an access configuration.\\",\\n \\"RelayState\\": \\"https://cloudsso.console.aliyun.com\\",\\n \\"CreateTime\\": \\"2021-11-02T08:44:23Z\\",\\n \\"UpdateTime\\": \\"2021-11-02T08:44:23Z\\",\\n \\"StatusNotifications\\": [\\n \\"ReprovisionRequired\\"\\n ],\\n \\"AccessConfigurationId\\": \\"ac-00jhtfl8thteu6uj****\\",\\n \\"Tags\\": [\\n {\\n \\"Key\\": \\"\\",\\n \\"Value\\": \\"\\"\\n }\\n ]\\n }\\n ],\\n \\"NextToken\\": \\"K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****\\",\\n \\"RequestId\\": \\"2BC0CBAC-45E1-5BD3-BF6E-F69D1D5391C2\\",\\n \\"MaxResults\\": 10,\\n \\"TotalCounts\\": 2,\\n \\"IsTruncated\\": false\\n}","type":"json"}]', 'title' => 'ListAccessConfigurations', 'description' => 'This topic provides an example of how to query the access configurations in the folder `d-00fc2p61****`. The response shows two access configurations: `VPC-Admin` and `ECS-Admin`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListAccessConfigurations'], ], ], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListAccessConfigurations', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/*'], ], ], ], ], ], 'ListDirectories' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => [ 'operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free', 'abilityTreeCode' => '33222', 'abilityTreeNodes' => ['FEATUREramWYOP0E'], ], 'parameters' => [], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'Directories' => [ 'description' => 'The directories.'."\n", 'type' => 'array', 'items' => [ 'description' => 'The directory.'."\n", 'type' => 'object', 'properties' => [ 'DirectoryId' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'CreateTime' => ['description' => 'The time when the directory was created.'."\n", 'type' => 'string', 'example' => '2021-06-30T08:35:26Z', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the directory was modified.'."\n", 'type' => 'string', 'example' => '2021-10-25T09:13:24Z', 'title' => ''], 'Region' => ['description' => 'The region ID of the directory.'."\n", 'type' => 'string', 'example' => 'cn-shanghai', 'title' => ''], 'DirectoryName' => ['description' => 'The name of the directory.'."\n", 'type' => 'string', 'example' => 'new-example', 'title' => ''], ], 'title' => '', ], 'title' => '', ], 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '9A504392-F06D-5029-AB64-6654CB9F1DC1', 'title' => ''], 'TotalCounts' => ['description' => 'The number of directories.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"Directories\\": [\\n {\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"CreateTime\\": \\"2021-06-30T08:35:26Z\\",\\n \\"UpdateTime\\": \\"2021-10-25T09:13:24Z\\",\\n \\"Region\\": \\"cn-shanghai\\",\\n \\"DirectoryName\\": \\"new-example\\"\\n }\\n ],\\n \\"RequestId\\": \\"9A504392-F06D-5029-AB64-6654CB9F1DC1\\",\\n \\"TotalCounts\\": 1\\n}","errorExample":""},{"type":"xml","example":"\\r\\n\\r\\n\\t\\r\\n\\t\\td-00fc2p61****\\r\\n\\t\\t2021-06-30T08:35:26Z\\r\\n\\t\\t2021-10-25T09:13:24Z\\r\\n\\t\\tcn-shanghai\\r\\n\\t\\tnew-example\\r\\n\\t\\r\\n\\t9A504392-F06D-5029-AB64-6654CB9F1DC1\\r\\n\\t1\\r\\n\\t\\r\\n","errorExample":""}]', 'title' => 'ListDirectories', 'summary' => 'Queries directories.', 'description' => 'This topic provides an example on how to query the directories within your Alibaba Cloud account. The returned result shows that only one directory with the ID `d-00fc2p61****` is created within your Alibaba Cloud account.'."\n", 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListDirectories'], ], ], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListDirectories', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/*'], ], ], ], ], ], 'ListExternalSAMLIdPCertificates' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '400979BC-92EC-58B9-B47C-6913BD56A6FD', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries returned.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], 'SAMLIdPCertificates' => [ 'description' => 'The SAML signing certificates.'."\n", 'type' => 'array', 'items' => [ 'description' => 'The SAML signing certificate.'."\n", 'type' => 'object', 'properties' => [ 'SerialNumber' => ['description' => 'The serial number of the certificate.'."\n", 'type' => 'string', 'example' => '159289587****', 'title' => ''], 'Issuer' => ['description' => 'The issuer of the certificate.'."\n", 'type' => 'string', 'example' => '1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US', 'title' => ''], 'Version' => ['description' => 'The version of the certificate.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '3', 'title' => ''], 'CertificateId' => ['description' => 'The ID of the certificate.'."\n", 'type' => 'string', 'example' => 'idp-c-00dt9gnl7fmjaw9c****', 'title' => ''], 'PublicKey' => ['description' => 'The public key of the certificate. The value of this parameter is in the PEM format and is Base64-encoded.'."\n", 'type' => 'string', 'example' => 'MIIBIjANBgkqhkiG****', 'title' => ''], 'SignatureAlgorithm' => ['description' => 'The signature algorithm of the certificate.'."\n", 'type' => 'string', 'example' => 'SHA256withRSA', 'title' => ''], 'NotAfter' => ['description' => 'The time when the certificate expires.'."\n", 'type' => 'string', 'example' => '2030-06-23T07:04:37Z', 'title' => ''], 'NotBefore' => ['description' => 'The time when the certificate was created.'."\n", 'type' => 'string', 'example' => '2020-06-23T07:03:37Z', 'title' => ''], 'Subject' => ['description' => 'The subject of the certificate.'."\n", 'type' => 'string', 'example' => '1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US', 'title' => ''], 'X509Certificate' => ['description' => 'The X.509 certificate in the PEM format.'."\n", 'type' => 'string', 'example' => 'MIIDpDCCAoygAwIBAgIG****', 'title' => ''], ], 'title' => '', ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"400979BC-92EC-58B9-B47C-6913BD56A6FD\\",\\n \\"TotalCounts\\": 1,\\n \\"SAMLIdPCertificates\\": [\\n {\\n \\"SerialNumber\\": \\"159289587****\\",\\n \\"Issuer\\": \\"1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US\\",\\n \\"Version\\": 3,\\n \\"CertificateId\\": \\"idp-c-00dt9gnl7fmjaw9c****\\",\\n \\"PublicKey\\": \\"MIIBIjANBgkqhkiG****\\",\\n \\"SignatureAlgorithm\\": \\"SHA256withRSA\\",\\n \\"NotAfter\\": \\"2030-06-23T07:04:37Z\\",\\n \\"NotBefore\\": \\"2020-06-23T07:03:37Z\\",\\n \\"Subject\\": \\"1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US\\",\\n \\"X509Certificate\\": \\"MIIDpDCCAoygAwIBAgIG****\\"\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"\\n\\t400979BC-92EC-58B9-B47C-6913BD56A6FD\\n\\t1\\n\\t\\n\\t\\t\\n\\t\\t\\t159289587****\\n\\t\\t\\t1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US\\n\\t\\t\\t3\\n\\t\\t\\tidp-c-00dt9gnl7fmjaw9c****\\n\\t\\t\\tMIIBIjANBgkqhkiG****\\n\\t\\t\\tSHA256withRSA\\n\\t\\t\\t2030-06-23T07:04:37Z\\n\\t\\t\\t2020-06-23T07:03:37Z\\n\\t\\t\\t1.2.840.113549.1.9.1=#160d696e666f406f6b74612e63****,CN=dev-xxxxxx,OU=SSOProvider,O=Okta,L=San Francisco,ST=California,C=US\\n\\t\\t\\tMIIDpDCCAoygAwIBAgIG****\\n\\t\\t\\n\\t\\n\\t","errorExample":""}]', 'title' => 'ListExternalSAMLIdPCertificates', 'summary' => 'Queries Security Assertion Markup Language (SAML) signing certificates.', 'description' => 'This topic provides an example on how to query the SAML signing certificates within the directory `d-00fc2p61****`. The returned result shows that the directory contains one SAML signing certificate.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListExternalSAMLIdPCertificates', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'ListGroupMembers' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'GroupId', 'in' => 'query', 'schema' => ['description' => 'The ID of the group.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'NextToken', 'in' => 'query', 'schema' => ['description' => 'The pagination token that is used in the next request to retrieve a new page of results. You do not need to specify this parameter for the first request. You must specify the token that is obtained from the previous query as the value of `NextToken`.'."\n" ."\n" .'When you call this operation for the first time, if the total number of entries to return is larger than the value of the `MaxResults` parameter, the entries are truncated. The system returns entries based on the value of the `MaxResults` parameter, and does not return the excess entries. In this case, the value of the response parameter `IsTruncated` is `true`, and the `NextToken` parameter is returned. In the next call, you can use the value of the `NextToken` parameter and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.'."\n", 'type' => 'string', 'required' => false, 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], ], [ 'name' => 'MaxResults', 'in' => 'query', 'schema' => ['description' => 'The number of entries per page.'."\n" ."\n" .'Valid values: 1 to 100.'."\n" ."\n" .'Default value: 10.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'NextToken' => ['description' => 'A pagination token. It can be used in the next request to retrieve a new page of results.'."\n" ."\n" .'> This parameter is returned only when the value of the `IsTruncated` parameter is `true`.'."\n", 'type' => 'string', 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'BB759F84-2C64-5C36-B6C6-253172C5C370', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries returned.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''], 'MaxResults' => ['description' => 'The number of entries per page.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], 'IsTruncated' => ['description' => 'Indicates whether the queried entries are truncated. Valid values:'."\n" ."\n" .'* true'."\n" .'* false'."\n", 'type' => 'boolean', 'example' => 'false', 'title' => ''], 'GroupMembers' => [ 'description' => 'The users in the group.'."\n", 'type' => 'array', 'items' => [ 'description' => 'The user in the group.'."\n", 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the user. Valid values:'."\n" ."\n" .'* Enabled: The logon of the user is enabled.'."\n" .'* Disabled: The logon of the user is disabled.'."\n", 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'UserName' => ['description' => 'The name of the user.'."\n", 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'Email' => ['description' => 'The email address of the user.'."\n", 'type' => 'string', 'example' => 'AliceLee@example.com', 'title' => ''], 'Description' => ['description' => 'The description of the user.'."\n", 'type' => 'string', 'example' => 'This is a user.', 'title' => ''], 'UserId' => ['description' => 'The ID of the user.'."\n", 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'ProvisionType' => ['description' => 'The type of the user. Valid values:'."\n" ."\n" .'* Manual: The user is manually created.'."\n" .'* Synchronized: The user is synchronized from an external identity provider (IdP).'."\n", 'type' => 'string', 'example' => 'Manual', 'title' => ''], 'DisplayName' => ['description' => 'The display name of the user.'."\n", 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'JoinTime' => ['description' => 'The time when the user was added to the group.'."\n", 'type' => 'string', 'example' => '2021-11-01T06:58:18Z', 'title' => ''], 'GroupId' => ['description' => 'The ID of the group.'."\n", 'type' => 'string', 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], 'title' => '', ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"NextToken\\": \\"K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****\\",\\n \\"RequestId\\": \\"BB759F84-2C64-5C36-B6C6-253172C5C370\\",\\n \\"TotalCounts\\": 2,\\n \\"MaxResults\\": 10,\\n \\"IsTruncated\\": false,\\n \\"GroupMembers\\": [\\n {\\n \\"Status\\": \\"Enabled\\",\\n \\"UserName\\": \\"Alice\\",\\n \\"Email\\": \\"AliceLee@example.com\\",\\n \\"Description\\": \\"This is a user.\\",\\n \\"UserId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"ProvisionType\\": \\"Manual\\",\\n \\"DisplayName\\": \\"Alice\\",\\n \\"JoinTime\\": \\"2021-11-01T06:58:18Z\\",\\n \\"GroupId\\": \\"g-00jqzghi2n3o5hkh****\\"\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"\\n\\tBB759F84-2C64-5C36-B6C6-253172C5C370\\n\\t2\\n\\t10\\n\\tfalse\\n\\t\\n\\t\\t\\n\\t\\t\\tEnabled\\n\\t\\t\\tAlice\\n\\t\\t\\tAliceLee@example.com\\n\\t\\t\\tThis is a user.\\n\\t\\t\\tu-00q8wbq42wiltcrk****\\n\\t\\t\\tManual\\n\\t\\t\\tAlice\\n\\t\\t\\t2021-11-01T06:58:18Z\\n\\t\\t\\tg-00jqzghi2n3o5hkh****\\n\\t\\t\\n\\t\\t\\n\\t\\t\\tEnabled\\n\\t\\t\\tuser1\\n\\t\\t\\t\\n\\t\\t\\t\\n\\t\\t\\tu-00pkfll14gwm1mb9****\\n\\t\\t\\tManual\\n\\t\\t\\t\\n\\t\\t\\t2021-11-01T07:37:14Z\\n\\t\\t\\tg-00jqzghi2n3o5hkh****\\n\\t\\t\\n\\t\\n\\t\\n","errorExample":""}]', 'title' => 'ListGroupMembers', 'summary' => 'Queries the users in a group.', 'description' => 'This topic provides an example on how to query the users in the group `g-00jqzghi2n3o5hkh****`. The returned result shows that the group contains the user `Alice` and the user `user1`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListGroupMembers', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ], ], ], ], ], 'ListGroups' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'NextToken', 'in' => 'query', 'schema' => ['description' => 'The pagination token that is used in the next request to retrieve a new page of results. You do not need to specify this parameter for the first request. You must specify the token that is obtained from the previous query as the value of `NextToken`.'."\n" ."\n" .'When you call this operation for the first time, if the total number of entries to return is larger than the value of the `MaxResults` parameter, the entries are truncated. The system returns entries based on the value of the `MaxResults` parameter, and does not return the excess entries. In this case, the value of the response parameter `IsTruncated` is `true`, and the `NextToken` parameter is returned. In the next call, you can use the value of the `NextToken` parameter and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.'."\n", 'type' => 'string', 'required' => false, 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], ], [ 'name' => 'MaxResults', 'in' => 'query', 'schema' => ['description' => 'The number of entries per page.'."\n" ."\n" .'Valid values: 1 to 100.'."\n" ."\n" .'Default value: 10.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], [ 'name' => 'Filter', 'in' => 'query', 'schema' => ['description' => 'The filter condition.'."\n" ."\n" .'You must specify the value in the ` ` format. The value is not case-sensitive. You can set `` only to `GroupName` and `` only to `eq` or `sw`. The value eq indicates Equals, and the value sw indicates Start With.'."\n" ."\n" .'For example, if you set Filter to GroupName sw test, the operation queries the groups whose names start with test. If you set Filter to GroupName eq testgroup, the operation queries the group whose name is testgroup.'."\n", 'type' => 'string', 'required' => false, 'example' => 'GroupName eq testgroup', 'title' => ''], ], [ 'name' => 'ProvisionType', 'in' => 'query', 'schema' => ['description' => 'The type of the group. The type can be used to filter groups. Valid values:'."\n" ."\n" .'* Manual: The group is manually created.'."\n" .'* Synchronized: The group is synchronized from an external IdP.'."\n", 'type' => 'string', 'required' => false, 'example' => 'Manual', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'NextToken' => ['description' => 'A pagination token. It can be used in the next request to retrieve a new page of results.'."\n" ."\n" .'> This parameter is returned only when the value of the `IsTruncated` parameter is `true`.'."\n", 'type' => 'string', 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '768F908D-A66A-5A5D-816C-20C93CBBFEE3', 'title' => ''], 'Groups' => [ 'description' => 'The groups.'."\n", 'type' => 'array', 'items' => [ 'description' => 'The group.'."\n", 'type' => 'object', 'properties' => [ 'GroupName' => ['description' => 'The name of the group.'."\n", 'type' => 'string', 'example' => 'TestGroup', 'title' => ''], 'Description' => ['description' => 'The description of the group.'."\n", 'type' => 'string', 'example' => 'This is a group.', 'title' => ''], 'CreateTime' => ['description' => 'The time when the group was created.'."\n", 'type' => 'string', 'example' => '2021-11-01T02:38:27Z', 'title' => ''], 'ProvisionType' => ['description' => 'The type of the group. Valid values:'."\n" ."\n" .'* Manual: The group is manually created.'."\n" .'* Synchronized: The group is synchronized from an external IdP.'."\n", 'type' => 'string', 'example' => 'Manual', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the information about the group was modified.'."\n", 'type' => 'string', 'example' => '2021-11-01T02:38:27Z', 'title' => ''], 'GroupId' => ['description' => 'The ID of the group.'."\n", 'type' => 'string', 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], 'title' => '', ], 'title' => '', ], 'MaxResults' => ['description' => 'The number of entries per page.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries returned.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '3', 'title' => ''], 'IsTruncated' => ['description' => 'Indicates whether the queried entries are truncated. Valid values:'."\n" ."\n" .'* true'."\n" .'* false'."\n", 'type' => 'boolean', 'example' => 'false', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"NextToken\\": \\"K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****\\",\\n \\"RequestId\\": \\"768F908D-A66A-5A5D-816C-20C93CBBFEE3\\",\\n \\"Groups\\": [\\n {\\n \\"GroupName\\": \\"TestGroup\\",\\n \\"Description\\": \\"This is a group.\\",\\n \\"CreateTime\\": \\"2021-11-01T02:38:27Z\\",\\n \\"ProvisionType\\": \\"Manual\\",\\n \\"UpdateTime\\": \\"2021-11-01T02:38:27Z\\",\\n \\"GroupId\\": \\"g-00jqzghi2n3o5hkh****\\"\\n }\\n ],\\n \\"MaxResults\\": 10,\\n \\"TotalCounts\\": 3,\\n \\"IsTruncated\\": false\\n}","errorExample":""},{"type":"xml","example":"\\n\\t768F908D-A66A-5A5D-816C-20C93CBBFEE3\\n\\t\\n\\t\\t\\n\\t\\t\\tgroup1\\n\\t\\t\\t\\n\\t\\t\\t2021-06-30T08:52:17Z\\n\\t\\t\\tSynchronized\\n\\t\\t\\t2021-07-09T03:27:23Z\\n\\t\\t\\tg-00dd217ozcicxqz0****\\n\\t\\t\\n\\t\\t\\n\\t\\t\\tgroup2\\n\\t\\t\\t\\n\\t\\t\\t2021-07-09T03:26:48Z\\n\\t\\t\\tSynchronized\\n\\t\\t\\t2021-07-09T03:26:48Z\\n\\t\\t\\tg-00e2fbulf91zlsuu****\\n\\t\\t\\n\\t\\t\\n\\t\\t\\tTestGroup\\n\\t\\t\\tThis is a group.\\n\\t\\t\\t2021-11-01T02:38:27Z\\n\\t\\t\\tManual\\n\\t\\t\\t2021-11-01T02:38:27Z\\n\\t\\t\\tg-00jqzghi2n3o5hkh****\\n\\t\\t\\n\\t\\n\\t10\\n\\t3\\n\\tfalse\\n\\t","errorExample":""}]', 'title' => 'ListGroups', 'summary' => 'Queries groups.', 'description' => 'This topic provides an example on how to query the groups in the directory `d-00fc2p61****`. The returned result shows that the directory contains three groups. The groups `group1` and `group2` are synchronized from an external identity provider (IdP). The group `TestGroup` is manually created in CloudSSO.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListGroups', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/*'], ], ], ], ], ], 'ListJoinedGroupsForUser' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'NextToken', 'in' => 'query', 'schema' => ['description' => 'The pagination token that is used in the next request to retrieve a new page of results. You do not need to specify this parameter for the first request. You must specify the token that is obtained from the previous query as the value of `NextToken`.'."\n" ."\n" .'When you call this operation for the first time, if the total number of entries to return is larger than the value of the `MaxResults` parameter, the entries are truncated. The system returns entries based on the value of the `MaxResults` parameter, and does not return the excess entries. In this case, the value of the response parameter `IsTruncated` is `true`, and the `NextToken` parameter is returned. In the next call, you can use the value of the `NextToken` parameter and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.'."\n", 'type' => 'string', 'required' => false, 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], ], [ 'name' => 'MaxResults', 'in' => 'query', 'schema' => ['description' => 'The number of entries per page.'."\n" ."\n" .'Valid values: 1 to 100.'."\n" ."\n" .'Default value: 10.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'NextToken' => ['description' => 'A pagination token. It can be used in the next request to retrieve a new page of results.'."\n" ."\n" .'> This parameter is returned only when the `IsTruncated` parameter is `true`.'."\n", 'type' => 'string', 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'E9BBB45F-7877-5DE9-96A5-20E6CFA48929', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries returned.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''], 'MaxResults' => ['description' => 'The number of entries per page.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], 'IsTruncated' => ['description' => 'Indicates whether the queried entries are truncated. Valid values:'."\n" ."\n" .'* true'."\n" .'* false'."\n", 'type' => 'boolean', 'example' => 'false', 'title' => ''], 'JoinedGroups' => [ 'description' => 'The groups to which the user is added.'."\n", 'type' => 'array', 'items' => [ 'description' => 'The group to which the user is added.'."\n", 'type' => 'object', 'properties' => [ 'GroupName' => ['description' => 'The name of the group.'."\n", 'type' => 'string', 'example' => 'TestGroup', 'title' => ''], 'Description' => ['description' => 'The description of the group.'."\n", 'type' => 'string', 'example' => 'This is a group.', 'title' => ''], 'UserId' => ['description' => 'The ID of the user.'."\n", 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'ProvisionType' => ['description' => 'The type of the group. Valid values:'."\n" ."\n" .'* Manual: The group is manually created.'."\n" .'* Synchronized: The group is synchronized from an external identity provider (IdP).'."\n", 'type' => 'string', 'example' => 'Manual', 'title' => ''], 'JoinTime' => ['description' => 'The time when the user was added to the group.'."\n", 'type' => 'string', 'example' => '2021-11-01T06:58:18Z', 'title' => ''], 'GroupId' => ['description' => 'The ID of the group.'."\n", 'type' => 'string', 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], 'title' => '', ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"NextToken\\": \\"K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****\\",\\n \\"RequestId\\": \\"E9BBB45F-7877-5DE9-96A5-20E6CFA48929\\",\\n \\"TotalCounts\\": 2,\\n \\"MaxResults\\": 10,\\n \\"IsTruncated\\": false,\\n \\"JoinedGroups\\": [\\n {\\n \\"GroupName\\": \\"TestGroup\\",\\n \\"Description\\": \\"This is a group.\\",\\n \\"UserId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"ProvisionType\\": \\"Manual\\",\\n \\"JoinTime\\": \\"2021-11-01T06:58:18Z\\",\\n \\"GroupId\\": \\"g-00jqzghi2n3o5hkh****\\"\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"\\n\\tE9BBB45F-7877-5DE9-96A5-20E6CFA48929\\n\\t2\\n\\t10\\n\\tfalse\\n\\t\\n\\t\\t\\n\\t\\t\\tTestGroup\\n\\t\\t\\tThis is a group.\\n\\t\\t\\tu-00q8wbq42wiltcrk****\\n\\t\\t\\tManual\\n\\t\\t\\t2021-11-01T06:58:18Z\\n\\t\\t\\tg-00jqzghi2n3o5hkh****\\n\\t\\t\\n\\t\\t\\n\\t\\t\\tgroup1\\n\\t\\t\\t\\n\\t\\t\\tu-00q8wbq42wiltcrk****\\n\\t\\t\\tSynchronized\\n\\t\\t\\t2021-11-01T07:16:44Z\\n\\t\\t\\tg-00dd217ozcicxqz0****\\n\\t\\t\\n\\t\\n\\t\\n","errorExample":""}]', 'title' => 'ListJoinedGroupsForUser', 'summary' => 'Queries the groups to which a user is added.', 'description' => 'This topic provides an example on how to query the groups to which the user `u-00q8wbq42wiltcrk****` is added. The returned result shows that the user is added to both the `TestGroup` and the `group1` groups.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListJoinedGroupsForUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], ], 'ListMFADevicesForUser' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '8B9982ED-FD0D-5622-8EA0-7B768685DCE7', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of MFA devices.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], 'MFADevices' => [ 'description' => 'The MFA devices.'."\n", 'type' => 'array', 'items' => [ 'description' => 'The MFA device.'."\n", 'type' => 'object', 'properties' => [ 'DeviceType' => ['description' => 'The type of the MFA device. The value is fixed as TOTP, which indicates a virtual MFA device. Virtual MFA devices are based on the Time-based One-time Password (TOTP) algorithm.'."\n", 'type' => 'string', 'example' => 'TOTP', 'title' => ''], 'EffectiveTime' => ['description' => 'The time when the MFA device was enabled.'."\n", 'type' => 'string', 'example' => '2021-10-29T09:14:06Z', 'title' => ''], 'DeviceId' => ['description' => 'The ID of the MFA device.'."\n", 'type' => 'string', 'example' => 'mfa-00ujhet8pycljj7j****', 'title' => ''], 'UserId' => ['description' => 'The ID of the user.'."\n", 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'DeviceName' => ['description' => 'The name of the MFA device.'."\n", 'type' => 'string', 'example' => 'Alice-MFA1', 'title' => ''], ], 'title' => '', ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"8B9982ED-FD0D-5622-8EA0-7B768685DCE7\\",\\n \\"TotalCounts\\": 1,\\n \\"MFADevices\\": [\\n {\\n \\"DeviceType\\": \\"TOTP\\",\\n \\"EffectiveTime\\": \\"2021-10-29T09:14:06Z\\",\\n \\"DeviceId\\": \\"mfa-00ujhet8pycljj7j****\\",\\n \\"UserId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"DeviceName\\": \\"Alice-MFA1\\"\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"\\n\\t8B9982ED-FD0D-5622-8EA0-7B768685DCE7\\n\\t1\\n\\t\\n\\t\\t\\n\\t\\t\\tTOTP\\n\\t\\t\\t2021-10-29T09:14:06Z\\n\\t\\t\\tmfa-00ujhet8pycljj7j****\\n\\t\\t\\tu-00q8wbq42wiltcrk****\\n\\t\\t\\tAlice-MFA1\\n\\t\\t\\n\\t\\n\\t","errorExample":""}]', 'title' => 'ListMFADevicesForUser', 'summary' => 'Queries the multi-factor authentication (MFA) devices that are bound to a user. Up to two MFA devices can be bound to a user.', 'description' => 'This topic provides an example on how to query the MFA devices that are bound to the user `u-00q8wbq42wiltcrk****`. The returned result shows that the MFA device named `Alice-MFA1` is bound to the user.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListMFADevicesForUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], ], 'ListPermissionPoliciesInAccessConfiguration' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'PermissionPolicyType', 'in' => 'query', 'schema' => ['description' => 'The type of the policy. The type can be used to filter policies. Valid values:'."\n" ."\n" .'* System: system policy.'."\n" .'* Inline: inline policy.'."\n" ."\n" .'If you do not specify this parameter, all types of policies are queried.'."\n", 'type' => 'string', 'required' => false, 'docRequired' => false, 'example' => 'System', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'PermissionPolicies' => [ 'description' => 'The policies.'."\n", 'type' => 'array', 'items' => [ 'description' => 'The policy.'."\n", 'type' => 'object', 'properties' => [ 'PermissionPolicyName' => ['description' => 'The name of the policy.'."\n", 'type' => 'string', 'example' => 'AliyunECSFullAccess', 'title' => ''], 'PermissionPolicyType' => ['description' => 'The type of the policy.'."\n", 'type' => 'string', 'example' => 'System', 'title' => ''], 'PermissionPolicyDocument' => ['description' => 'The configurations of the inline policy.'."\n" ."\n" .'> This parameter is returned only when the value of the PermissionPolicyType parameter is Inline.'."\n", 'type' => 'string', 'example' => '{\\"Statement\\": [{\\"Action\\": \\"*\\",\\"Effect\\": \\"Allow\\",\\"Resource\\": \\"*\\"}],\\"Version\\": \\"1\\"}', 'title' => ''], 'AddTime' => ['description' => 'The time when the policy was created for the access configuration.'."\n", 'type' => 'string', 'example' => '2021-11-03T06:37:25Z', 'title' => ''], ], 'title' => '', ], 'title' => '', ], 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '3A5E771F-1F5A-5555-A64E-579748AAFD98', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of policies.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"PermissionPolicies\\": [\\n {\\n \\"PermissionPolicyName\\": \\"AliyunECSFullAccess\\",\\n \\"PermissionPolicyType\\": \\"System\\",\\n \\"PermissionPolicyDocument\\": \\"{\\\\\\\\\\\\\\"Statement\\\\\\\\\\\\\\": [{\\\\\\\\\\\\\\"Action\\\\\\\\\\\\\\": \\\\\\\\\\\\\\"*\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"Effect\\\\\\\\\\\\\\": \\\\\\\\\\\\\\"Allow\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"Resource\\\\\\\\\\\\\\": \\\\\\\\\\\\\\"*\\\\\\\\\\\\\\"}],\\\\\\\\\\\\\\"Version\\\\\\\\\\\\\\": \\\\\\\\\\\\\\"1\\\\\\\\\\\\\\"}\\",\\n \\"AddTime\\": \\"2021-11-03T06:37:25Z\\"\\n }\\n ],\\n \\"RequestId\\": \\"3A5E771F-1F5A-5555-A64E-579748AAFD98\\",\\n \\"TotalCounts\\": 2\\n}","errorExample":""},{"type":"xml","example":"\\n\\t\\n\\t\\t\\n\\t\\t\\tInlinePolicy\\n\\t\\t\\tInline\\n\\t\\t\\t{\\"Statement\\": [{\\"Action\\": \\"*\\",\\"Effect\\": \\"Allow\\",\\"Resource\\": \\"*\\"}],\\"Version\\": \\"1\\"}\\n\\t\\t\\t2021-11-03T06:49:50Z\\n\\t\\t\\n\\t\\t\\n\\t\\t\\tAliyunECSFullAccess\\n\\t\\t\\tSystem\\n\\t\\t\\t2021-11-03T06:37:25Z\\n\\t\\t\\n\\t\\n\\t3A5E771F-1F5A-5555-A64E-579748AAFD98\\n\\t2\\n","errorExample":""}]', 'title' => 'ListPermissionPoliciesInAccessConfiguration', 'summary' => 'Queries the policies that are created for an access configuration.', 'description' => 'This topic provides an example on how to query the policies that are created for the access configuration `ac-00jhtfl8thteu6uj****`. The returned result shows that the access configuration contains one system policy and one inline policy.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListPermissionPoliciesInAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], ], ], 'ListSCIMServerCredentials' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'FE4B7037-C315-5DD5-826E-57A87950BCD1', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries returned.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], 'SCIMServerCredentials' => [ 'description' => 'The SCIM credentials.'."\n", 'type' => 'array', 'items' => [ 'description' => 'The SCIM credential.'."\n", 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the SCIM credential. Valid values:'."\n" ."\n" .'* Enabled'."\n" .'* Disabled'."\n", 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'CredentialId' => ['description' => 'The ID of the SCIM credential.'."\n", 'type' => 'string', 'example' => 'scimcred-004whl0kvfwcypbi****', 'title' => ''], 'CreateTime' => ['description' => 'The time when the SCIM credential was created.'."\n", 'type' => 'string', 'example' => '2021-11-09T08:12:52Z', 'title' => ''], 'CredentialType' => ['description' => 'The type of the SCIM credential.'."\n", 'type' => 'string', 'example' => 'BearerToken', 'title' => ''], 'ExpireTime' => ['description' => 'The time when the SCIM credential expires.'."\n", 'type' => 'string', 'example' => '2022-11-09T08:12:52Z', 'title' => ''], ], 'title' => '', ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"FE4B7037-C315-5DD5-826E-57A87950BCD1\\",\\n \\"TotalCounts\\": 1,\\n \\"SCIMServerCredentials\\": [\\n {\\n \\"Status\\": \\"Enabled\\",\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"CredentialId\\": \\"scimcred-004whl0kvfwcypbi****\\",\\n \\"CreateTime\\": \\"2021-11-09T08:12:52Z\\",\\n \\"CredentialType\\": \\"BearerToken\\",\\n \\"ExpireTime\\": \\"2022-11-09T08:12:52Z\\"\\n }\\n ]\\n}","errorExample":""},{"type":"xml","example":"\\n\\tFE4B7037-C315-5DD5-826E-57A87950BCD1\\n\\t1\\n\\t\\n\\t\\t\\n\\t\\t\\tEnabled\\n\\t\\t\\td-00fc2p61****\\n\\t\\t\\tscimcred-004whl0kvfwcypbi****\\n\\t\\t\\t2021-11-09T08:12:52Z\\n\\t\\t\\tBearerToken\\n\\t\\t\\t2022-11-09T08:12:52Z\\n\\t\\t\\n\\t\\n\\t","errorExample":""}]', 'title' => 'ListSCIMServerCredentials', 'summary' => 'Queries Cross-domain Identity Management (SCIM) credentials.', 'description' => 'This topic provides an example on how to query the SCIM credentials within the `d-00fc2p61****` directory.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListSCIMServerCredentials', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'SCIMServerCredential', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/scim-credential/*'], ], ], ], ], ], 'ListTasks' => [ 'summary' => 'Queries asynchronous tasks.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration. The ID can be used to filter access permissions.', 'type' => 'string', 'required' => false, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'TargetType', 'in' => 'query', 'schema' => ['description' => 'The type of the task object. The type can be used to filter access permissions.'."\n" ."\n" .'Set the value to RD-Account, which specifies the accounts in the resource directory.'."\n" ."\n" .'> You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', 'type' => 'string', 'required' => false, 'example' => 'RD-Account', 'title' => ''], ], [ 'name' => 'TargetId', 'in' => 'query', 'schema' => ['description' => 'The ID of the task object. The ID can be used to filter access permissions.'."\n" ."\n" .'> You can use the type to filter access permissions only if you specify both `TargetId` and `TargetType`.', 'type' => 'string', 'required' => false, 'example' => '114240524784****', 'title' => ''], ], [ 'name' => 'PrincipalType', 'in' => 'query', 'schema' => ['description' => 'The type of the CloudSSO identity. The type can be used to filter access permissions. Valid values:'."\n" ."\n" .'- User'."\n" ."\n" .'- Group'."\n" ."\n" .'> You can use the type to filter access permissions only if you specify both `PrincipalId` and `PrincipalType`.', 'type' => 'string', 'required' => false, 'example' => 'User', 'title' => ''], ], [ 'name' => 'PrincipalId', 'in' => 'query', 'schema' => ['description' => 'The ID of the CloudSSO identity. The ID can be used to filter access permissions.'."\n" ."\n" .'- If you set `PrincipalType` to `User`, set `PrincipalId` to the ID of the CloudSSO user.'."\n" ."\n" .'- If you set `PrincipalType` to `Group`, set `PrincipalId` to the ID of the CloudSSO group.'."\n" ."\n" .'> You can use the type to filter access permissions only if you specify both `PrincipalId` and `PrincipalType`.', 'type' => 'string', 'required' => false, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'TaskType', 'in' => 'query', 'schema' => ['description' => 'The type of the task. The type can be used to filter tasks. Valid values:'."\n" ."\n" .'- ProvisionAccessConfiguration: An access configuration is provisioned.'."\n" ."\n" .'- DeprovisionAccessConfiguration: An access configuration is de-provisioned.'."\n" ."\n" .'- CreateAccessAssignment: Access permissions on an account in the resource directory are assigned.'."\n" ."\n" .'- DeleteAccessAssignment: Access permissions on an account in the resource directory are removed.', 'type' => 'string', 'required' => false, 'example' => 'CreateAccessAssignment', 'title' => ''], ], [ 'name' => 'Status', 'in' => 'query', 'schema' => ['description' => 'The ID of the task. The ID can be used to filter tasks. Valid values:'."\n" ."\n" .'- InProgress: The task is running.'."\n" ."\n" .'- Success: The task is successful.'."\n" ."\n" .'- Failed: The task failed.', 'type' => 'string', 'required' => false, 'example' => 'Success', 'title' => ''], ], [ 'name' => 'NextToken', 'in' => 'query', 'schema' => ['description' => 'The pagination token that is used in the next request to retrieve a new page of results. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.'."\n" ."\n" .'When you call this operation for the first time, if the total number of entries to return exceeds the value of `MaxResults`, the entries are truncated. Only the entries that match the value of `MaxResults` are returned, and the excess entries are not returned. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', 'type' => 'string', 'required' => false, 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], ], [ 'name' => 'MaxResults', 'in' => 'query', 'schema' => ['description' => 'The maximum number of entries per page.'."\n" ."\n" .'Valid values: 1 to 20.'."\n" ."\n" .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], [ 'name' => 'Filter', 'in' => 'query', 'schema' => ['description' => 'The filter condition.'."\n" ."\n" .'The condition is not case-sensitive. The condition must be in the StartTime ge YYYY-MM-DDTHH:mm:SSZ format. You must set YYYY-MM-DDTHH:mm:SSZ to a value that is no more than 7 days from the current time. ge indicates Greater Than or Equals.'."\n" ."\n" .'For example, if you set the Filter parameter to StartTime ge 2021-03-15T01:12:23Z, the operation queries the tasks from 2021-03-15T01:12:23 GMT.'."\n" ."\n" .'> If you do not specify this parameter, the operation queries the tasks within the previous 24 hours by default.', 'type' => 'string', 'required' => false, 'example' => 'StartTime ge 2021-03-15T01:12:23Z', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.', 'type' => 'object', 'properties' => [ 'Tasks' => [ 'description' => 'The tasks.', 'type' => 'array', 'items' => [ 'description' => '', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The task status. Valid values:'."\n" ."\n" .'- InProgress: The task is running.'."\n" ."\n" .'- Success: The task is successful.'."\n" ."\n" .'- Failed: The task failed.', 'type' => 'string', 'example' => 'Success', 'title' => ''], 'TaskId' => ['description' => 'The ID of the job.', 'type' => 'string', 'example' => 't-sh5k4gesm6twlrqb****', 'title' => ''], 'EndTime' => ['description' => 'The end time of the task.', 'type' => 'string', 'example' => '2021-11-09T05:50:50Z', 'title' => ''], 'PrincipalId' => ['description' => 'The ID of the CloudSSO identity.', 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'TargetPath' => ['description' => 'The path ID of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/r-Wm****/114240524784****', 'title' => ''], 'StartTime' => ['description' => 'The start time of the task.', 'type' => 'string', 'example' => '2021-11-09T05:50:50Z', 'title' => ''], 'PrincipalName' => ['description' => 'The name of the CloudSSO identity.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'TargetName' => ['description' => 'The name of the task object.', 'type' => 'string', 'example' => 'dev-test', 'title' => ''], 'TargetId' => ['description' => 'The ID of the task object.', 'type' => 'string', 'example' => '114240524784****', 'title' => ''], 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'ECS-Admin', 'title' => ''], 'TargetPathName' => ['description' => 'The path name of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/root/dev-test', 'title' => ''], 'TaskType' => ['description' => 'The task type. Valid values:'."\n" ."\n" .'- ProvisionAccessConfiguration: An access configuration is provisioned.'."\n" ."\n" .'- DeprovisionAccessConfiguration: An access configuration is de-provisioned.'."\n" ."\n" .'- CreateAccessAssignment: Access permissions on an account in the resource directory are assigned.'."\n" ."\n" .'- DeleteAccessAssignment: Access permissions on an account in the resource directory are removed.', 'type' => 'string', 'example' => 'CreateAccessAssignment', 'title' => ''], 'FailureReason' => ['description' => 'The cause of the task failure.'."\n" ."\n" .'> This parameter is returned only when the value of `Status` is `Failed`.', 'type' => 'string', 'example' => 'No Permission.', 'title' => ''], 'TargetType' => ['description' => 'The type of the task object.'."\n" ."\n" .'The value is fixed as RD-Account, which indicates the accounts in the resource directory.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], 'PrincipalType' => ['description' => 'The type of the CloudSSO identity. Valid values:'."\n" ."\n" .'- User'."\n" ."\n" .'- Group', 'type' => 'string', 'example' => 'User', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], 'NextToken' => ['description' => 'The returned value of NextToken is a pagination token, which can be used in the next request to retrieve a new page of results.'."\n" ."\n" .'> This parameter is returned only when the value of `IsTruncated` is `true`.', 'type' => 'string', 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'C0DA2DFC-EB18-59EF-BD82-C30862EBA3A3', 'title' => ''], 'MaxResults' => ['description' => 'The maximum number of entries returned per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '1', 'title' => ''], 'IsTruncated' => ['description' => 'Indicates whether the queried entries are truncated. Valid values:'."\n" ."\n" .'- true'."\n" ."\n" .'- false', 'type' => 'boolean', 'example' => 'false', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Tasks\\": [\\n {\\n \\"Status\\": \\"Success\\",\\n \\"TaskId\\": \\"t-sh5k4gesm6twlrqb****\\",\\n \\"EndTime\\": \\"2021-11-09T05:50:50Z\\",\\n \\"PrincipalId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"TargetPath\\": \\"rd-3G****/r-Wm****/114240524784****\\",\\n \\"StartTime\\": \\"2021-11-09T05:50:50Z\\",\\n \\"PrincipalName\\": \\"Alice\\",\\n \\"TargetName\\": \\"dev-test\\",\\n \\"TargetId\\": \\"114240524784****\\",\\n \\"AccessConfigurationName\\": \\"ECS-Admin\\",\\n \\"TargetPathName\\": \\"rd-3G****/root/dev-test\\",\\n \\"TaskType\\": \\"CreateAccessAssignment\\",\\n \\"FailureReason\\": \\"No Permission.\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"AccessConfigurationId\\": \\"ac-00jhtfl8thteu6uj****\\",\\n \\"PrincipalType\\": \\"User\\"\\n }\\n ],\\n \\"NextToken\\": \\"K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****\\",\\n \\"RequestId\\": \\"C0DA2DFC-EB18-59EF-BD82-C30862EBA3A3\\",\\n \\"MaxResults\\": 10,\\n \\"TotalCounts\\": 1,\\n \\"IsTruncated\\": false\\n}","type":"json"}]', 'title' => 'ListTasks', 'description' => 'By default, this operation queries the tasks within the previous 24 hours. This operation allows you to query the tasks within a maximum of 7 days. You can specify the start time of the query by using `Filter`.'."\n" ."\n" .'This topic provides an example on how to query the tasks within the previous 24 hours.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListTasks'], ], ], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListTasks', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'ListUserProvisioningEvents' => [ 'summary' => 'Queries Resource Access Management (RAM) user provisioning events.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'UserProvisioningId', 'in' => 'query', 'schema' => ['description' => 'The ID of the RAM user provisioning.', 'type' => 'string', 'docRequired' => false, 'required' => false, 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00xz91nf****', 'title' => ''], ], [ 'name' => 'MaxResults', 'in' => 'query', 'schema' => ['description' => 'The maximum number of entries per page.'."\n" ."\n" .'Valid values: 1 to 100.'."\n" ."\n" .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'docRequired' => false, 'required' => false, 'example' => '10', 'title' => ''], ], [ 'name' => 'NextToken', 'in' => 'query', 'schema' => ['description' => 'The token that is used to initiate the next request. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.'."\n" ."\n" .'When you call this operation for the first time, if the total number of entries to return is larger than the value of `MaxResults`, the entries are truncated. The system returns entries based on the value of `MaxResults`, and does not return the excess entries. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', 'type' => 'string', 'docRequired' => false, 'required' => false, 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'NextToken' => ['description' => 'The token that is used to initiate the next request.'."\n" ."\n" .'> This parameter is returned only when the `IsTruncated` parameter is set to `true`.', 'type' => 'string', 'example' => '2eEMmhmLa1b7Bbj9UzCgZUGj8DpDeG5TbNknuNKNP2h84KjJRnAb7vzzSDkYNmsidnAybyJYBfnPPB6xfgw54B1Wub2KQmC8LofzqBW2Y****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '0D85B43D-EF98-396D-B426-837E428D2D39', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '110', 'title' => ''], 'MaxResults' => ['description' => 'The maximum number of entries per page.'."\n" ."\n" .'Valid values: 1 to 100.'."\n" ."\n" .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], 'IsTruncated' => ['description' => 'Indicates whether the queried entries are truncated. Valid values:'."\n" ."\n" .'- true'."\n" ."\n" .'- false', 'type' => 'boolean', 'example' => 'false', 'title' => ''], 'UserProvisioningEvents' => [ 'description' => 'The RAM user provisioning events.', 'type' => 'array', 'items' => [ 'description' => '', 'type' => 'object', 'properties' => [ 'UserProvisioningId' => ['description' => 'The ID of the RAM user provisioning.', 'type' => 'string', 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], 'PrincipalId' => ['description' => 'The identity ID of the RAM user provisioning. Valid values:'."\n" ."\n" .'- If you set the `PrincipalType` parameter to `Group`, the value of this parameter is the ID of a CloudSSO user group (g-\\*\\*\\*\\*\\*\\*\\*\\*).'."\n" ."\n" .'- If you set the `PrincipalType` parameter to `User`, the value of this parameter is the ID of a CloudSSO user (u-\\*\\*\\*\\*\\*\\*\\*\\*).', 'type' => 'string', 'example' => 'g-02ha881d*****', 'title' => ''], 'TargetPath' => ['description' => 'The path of the resource directory in which you create the RAM user provisioning for the member.', 'type' => 'string', 'example' => 'rd-******/root/test**', 'title' => ''], 'ErrorInfo' => ['description' => 'The error message that is displayed when the last execution of the RAM user provisioning event failed.', 'type' => 'string', 'example' => 'OperationConflict.UserProvisioning.Process.fail.ImsUserExists', 'title' => ''], 'SourceType' => ['description' => 'The type of the source operation. Valid values:'."\n" ."\n" .'- StartProvisioning: enables the RAM user provisioning.'."\n" ."\n" .'- DeleteProvisioning: deletes the RAM user provisioning.'."\n" ."\n" .'- AddUserToGroup: adds a user to a user group.'."\n" ."\n" .'- RemoveUserFromGroup: removes a user from a user group.'."\n" ."\n" .'- UserProvisioningDeletionClearing: deletes the RAM user provisioning and clears resources in the background.', 'type' => 'string', 'example' => 'StartProvisioning', 'title' => ''], 'UpdateTime' => ['description' => 'The modification time. The time is displayed in UTC.', 'type' => 'string', 'example' => '2022-11-28T03:55:55Z', 'title' => ''], 'DuplicationStrategy' => ['description' => 'The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:'."\n" ."\n" .'- KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.'."\n" ."\n" .'- TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', 'type' => 'string', 'example' => 'KeepBoth', 'title' => ''], 'DeletionStrategy' => ['description' => 'The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:'."\n" ."\n" .'- Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.'."\n" ."\n" .'- Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', 'type' => 'string', 'example' => 'Keep', 'title' => ''], 'PrincipalName' => ['description' => 'The identity name of the RAM user provisioning. Valid values:'."\n" ."\n" .'- If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.'."\n" ."\n" .'- If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.', 'type' => 'string', 'example' => 'exampleGroupName', 'title' => ''], 'TargetName' => ['description' => 'The name of the object for which you create the RAM user provisioning.'."\n" ."\n" .'If `RD-Account` is returned, the value of this parameter is the name of the account that is used to access the instance.\\`\\`', 'type' => 'string', 'example' => 'exampleRdMember', 'title' => ''], 'ErrorCount' => ['description' => 'The number of execution failures.', 'type' => 'integer', 'format' => 'int64', 'example' => '1', 'title' => ''], 'TargetId' => ['description' => 'The ID of the object for which you create the RAM user provisioning.'."\n" ."\n" .'The value is fixed as the ID of the account in the resource directory.\\`\\`\\`\\`', 'type' => 'string', 'example' => '153218*******', 'title' => ''], 'CreateTime' => ['description' => 'The creation time. The time is displayed in UTC.', 'type' => 'string', 'example' => '2022-11-28T03:55:55Z', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the resource directory.', 'type' => 'string', 'example' => 'd-003qew84****', 'title' => ''], 'TargetType' => ['description' => 'The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'EventId' => ['description' => 'The ID of the RAM user provisioning event.', 'type' => 'string', 'example' => 'upe-wjKyNDmZvyZOiRcJ****', 'title' => ''], 'PrincipalType' => ['description' => 'The identity type of the RAM user provisioning. Valid values:'."\n" ."\n" .'- User: The identity of the RAM user provisioning is a CloudSSO user.'."\n" ."\n" .'- Group: The identity of the RAM user provisioning is a CloudSSO user group.', 'type' => 'string', 'example' => 'Group', 'title' => ''], 'LatestAsyncTime' => ['description' => 'The time at which the RAM user provisioning event was last executed. The time is displayed in UTC.', 'type' => 'string', 'example' => '2022-11-28T03:55:55Z', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"NextToken\\": \\"2eEMmhmLa1b7Bbj9UzCgZUGj8DpDeG5TbNknuNKNP2h84KjJRnAb7vzzSDkYNmsidnAybyJYBfnPPB6xfgw54B1Wub2KQmC8LofzqBW2Y****\\",\\n \\"RequestId\\": \\"0D85B43D-EF98-396D-B426-837E428D2D39\\",\\n \\"TotalCounts\\": 110,\\n \\"MaxResults\\": 10,\\n \\"IsTruncated\\": false,\\n \\"UserProvisioningEvents\\": [\\n {\\n \\"UserProvisioningId\\": \\"up-002axzhapcbz6e63****\\",\\n \\"PrincipalId\\": \\"g-02ha881d*****\\",\\n \\"TargetPath\\": \\"rd-******/root/test**\\",\\n \\"ErrorInfo\\": \\"OperationConflict.UserProvisioning.Process.fail.ImsUserExists\\",\\n \\"SourceType\\": \\"StartProvisioning\\",\\n \\"UpdateTime\\": \\"2022-11-28T03:55:55Z\\",\\n \\"DuplicationStrategy\\": \\"KeepBoth\\",\\n \\"DeletionStrategy\\": \\"Keep\\",\\n \\"PrincipalName\\": \\"exampleGroupName\\",\\n \\"TargetName\\": \\"exampleRdMember\\",\\n \\"ErrorCount\\": 1,\\n \\"TargetId\\": \\"153218*******\\",\\n \\"CreateTime\\": \\"2022-11-28T03:55:55Z\\",\\n \\"DirectoryId\\": \\"d-003qew84****\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"EventId\\": \\"upe-wjKyNDmZvyZOiRcJ****\\",\\n \\"PrincipalType\\": \\"Group\\",\\n \\"LatestAsyncTime\\": \\"2022-11-28T03:55:55Z\\"\\n }\\n ]\\n}","type":"json"}]', 'title' => 'ListUserProvisioningEvents', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListUserProvisioningEvents', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ], ], ], ], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListUserProvisioningEvents'], ], ], ], 'ListUserProvisionings' => [ 'summary' => 'Queries Resource Access Management (RAM) user provisionings.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-003qew84****', 'title' => ''], ], [ 'name' => 'PrincipalId', 'in' => 'query', 'schema' => ['description' => 'The identity ID of the RAM user provisioning. Valid values:'."\n" ."\n" .'- If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\*\\*\\*\\*\\*\\*\\*\\*).'."\n" ."\n" .'- If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\*\\*\\*\\*\\*\\*\\*\\*).', 'type' => 'string', 'required' => false, 'example' => 'u-88d73u*****', 'title' => ''], ], [ 'name' => 'PrincipalType', 'in' => 'query', 'schema' => ['description' => 'The identity type of the RAM user provisioning. Valid values:'."\n" ."\n" .'- User: The identity of the RAM user provisioning is a CloudSSO user.'."\n" ."\n" .'- Group: The identity of the RAM user provisioning is a CloudSSO user group.', 'type' => 'string', 'required' => false, 'example' => 'RD-Account', 'title' => ''], ], [ 'name' => 'TargetId', 'in' => 'query', 'schema' => ['description' => 'The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the member in the resource directory.', 'type' => 'string', 'required' => false, 'example' => '1743382******', 'title' => ''], ], [ 'name' => 'TargetType', 'in' => 'query', 'schema' => ['description' => 'The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', 'type' => 'string', 'required' => false, 'example' => 'User', 'title' => ''], ], [ 'name' => 'MaxResults', 'in' => 'query', 'schema' => ['description' => 'The maximum number of entries per page.'."\n" ."\n" .'Valid values: 1 to 100.'."\n" ."\n" .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '100', 'title' => ''], ], [ 'name' => 'NextToken', 'in' => 'query', 'schema' => ['description' => 'The token that is used to initiate the next request. If this is your first time to call this operation, you do not need to specify the `NextToken` parameter.'."\n" ."\n" .'When you call this operation for the first time, if the total number of entries to return is larger than the value of `MaxResults`, the entries are truncated. The system returns entries based on the value of `MaxResults`, and does not return the excess entries. In this case, the value of the response parameter `IsTruncated` is `true`, and `NextToken` is returned. In the next call, you can use the value of `NextToken` and maintain the settings of the other request parameters to query the excess entries. You can repeat the call until the value of `IsTruncated` becomes `false`. This way, all entries are returned.', 'type' => 'string', 'required' => false, 'example' => '27EbL9j4ZgZjsMZFqbZFgbwQ1VXFU1Khcpx9e2vrW1zwzTBmTGWaM7ixHhRin8SCsxaJdazYVCzeKc2UF2QkyGb83cPhr8ZxrzoaiTd****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.', 'type' => 'object', 'properties' => [ 'NextToken' => ['description' => 'The token that is used to initiate the next request.'."\n" ."\n" .'> This parameter is returned only when the `IsTruncated` parameter is set to `true`.', 'type' => 'string', 'example' => '27EbL9j4ZgZjsMZFqbZFgbwQ1VXFU1Khcpx9e2vrW1zwzTBmTGWaM7ixHhRin8SCsxaJdazYVCzeKc2UF2QkyGb83cPhr8ZxrzoaiTd****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'F76AF4FC-****-****-B7CB-74F3********', 'title' => ''], 'MaxResults' => ['description' => 'The maximum number of entries per page.'."\n" ."\n" .'Valid values: 1 to 100.'."\n" ."\n" .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'example' => '100', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries returned.', 'type' => 'integer', 'format' => 'int32', 'example' => '110', 'title' => ''], 'UserProvisionings' => [ 'description' => 'The RAM user provisionings.', 'type' => 'array', 'items' => [ 'description' => '', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the RAM user provisioning. Valid values:'."\n" ."\n" .'- Enabled'."\n" ."\n" .'- Disabled', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'Description' => ['description' => 'The description.', 'type' => 'string', 'example' => 'this is a user provisioning.', 'title' => ''], 'UserProvisioningId' => ['description' => 'The ID of the RAM user provisioning.', 'type' => 'string', 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], 'PrincipalId' => ['description' => 'The identity ID of the RAM user provisioning. Valid values:'."\n" ."\n" .'- If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\*\\*\\*\\*\\*\\*\\*\\*).'."\n" ."\n" .'- If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\*\\*\\*\\*\\*\\*\\*\\*).', 'type' => 'string', 'example' => 'g-02ha881d*****', 'title' => ''], 'TargetPath' => ['description' => 'The path of the resource directory in which you create the RAM user provisioning for the object.', 'type' => 'string', 'example' => 'rd-******/root/test**', 'title' => ''], 'UpdateTime' => ['description' => 'The modification time.', 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DuplicationStrategy' => ['description' => 'The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:'."\n" ."\n" .'- KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.'."\n" ."\n" .'- TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', 'type' => 'string', 'example' => 'KeepBoth', 'title' => ''], 'DeletionStrategy' => ['description' => 'The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:'."\n" ."\n" .'- Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.'."\n" ."\n" .'- Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', 'type' => 'string', 'example' => 'Delete', 'title' => ''], 'PrincipalName' => ['description' => 'The identity name of the RAM user provisioning. Valid values:'."\n" ."\n" .'- If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.'."\n" ."\n" .'- If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.', 'type' => 'string', 'example' => 'testGroupName', 'title' => ''], 'TargetName' => ['description' => 'The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', 'type' => 'string', 'example' => 'testRdMember', 'title' => ''], 'TargetId' => ['description' => 'The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the member in the resource directory.', 'type' => 'string', 'example' => '1743382******', 'title' => ''], 'CreateTime' => ['description' => 'The creation time.', 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the resource directory.', 'type' => 'string', 'example' => 'd-003qew84****', 'title' => ''], 'OwnerPk' => ['description' => 'The ID of the Alibaba Cloud account to which the resource directory belongs.', 'type' => 'string', 'example' => '1639738******', 'title' => ''], 'TargetType' => ['description' => 'The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'PrincipalType' => ['description' => 'The identity type of the RAM user provisioning. Valid values:'."\n" ."\n" .'- User: The identity of the RAM user provisioning is a CloudSSO user.'."\n" ."\n" .'- Group: The identity of the RAM user provisioning is a CloudSSO user group.', 'type' => 'string', 'example' => 'Group', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], 'IsTruncated' => ['description' => 'Indicates whether the queried entries are truncated. Valid values:'."\n" ."\n" .'- true'."\n" ."\n" .'- false', 'type' => 'boolean', 'example' => 'true', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"NextToken\\": \\"27EbL9j4ZgZjsMZFqbZFgbwQ1VXFU1Khcpx9e2vrW1zwzTBmTGWaM7ixHhRin8SCsxaJdazYVCzeKc2UF2QkyGb83cPhr8ZxrzoaiTd****\\",\\n \\"RequestId\\": \\"F76AF4FC-****-****-B7CB-74F3********\\",\\n \\"MaxResults\\": 100,\\n \\"TotalCounts\\": 110,\\n \\"UserProvisionings\\": [\\n {\\n \\"Status\\": \\"Enabled\\",\\n \\"Description\\": \\"this is a user provisioning.\\",\\n \\"UserProvisioningId\\": \\"up-002axzhapcbz6e63****\\",\\n \\"PrincipalId\\": \\"g-02ha881d*****\\",\\n \\"TargetPath\\": \\"rd-******/root/test**\\",\\n \\"UpdateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DuplicationStrategy\\": \\"KeepBoth\\",\\n \\"DeletionStrategy\\": \\"Delete\\",\\n \\"PrincipalName\\": \\"testGroupName\\",\\n \\"TargetName\\": \\"testRdMember\\",\\n \\"TargetId\\": \\"1743382******\\",\\n \\"CreateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DirectoryId\\": \\"d-003qew84****\\",\\n \\"OwnerPk\\": \\"1639738******\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"PrincipalType\\": \\"Group\\"\\n }\\n ],\\n \\"IsTruncated\\": true\\n}","type":"json"}]', 'title' => 'ListUserProvisionings', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListUserProvisionings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], ], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListUserProvisionings'], ], ], ], 'ListUsers' => [ 'summary' => 'Queries a list of users.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'read', 'deprecated' => false, 'systemTags' => ['operationType' => 'list', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The CloudSSO directory ID.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'Status', 'in' => 'query', 'schema' => ['description' => 'The user status. This parameter is used as a filter condition. Valid values:'."\n" ."\n" .'- Enabled'."\n" ."\n" .'- Disabled', 'type' => 'string', 'required' => false, 'example' => 'Enabled', 'title' => ''], ], [ 'name' => 'ProvisionType', 'in' => 'query', 'schema' => ['description' => 'The user type. This parameter is used as a filter condition. Valid values:'."\n" ."\n" .'- Manual: The user was manually created.'."\n" ."\n" .'- Synchronized: The user was synchronized from an external IdP.', 'type' => 'string', 'required' => false, 'example' => 'Manual', 'title' => ''], ], [ 'name' => 'Filter', 'in' => 'query', 'schema' => ['description' => 'The filter condition.'."\n" ."\n" .'The format is ` `. The filter is not case-sensitive. The `` only supports `UserName`. The `` only supports `eq` (equal to) and `sw` (starts with).'."\n" ."\n" .'Examples:'."\n" ."\n" .'If you configure this parameter to `UserName sw test`, the system queries all users whose usernames start with `test`. If you configure this parameter to `UserName eq testuser`, the system queries the user whose username is `testuser`.', 'type' => 'string', 'required' => false, 'example' => 'UserName sw test', 'title' => ''], ], [ 'name' => 'MaxResults', 'in' => 'query', 'schema' => ['description' => 'The maximum number of entries to return on each page.'."\n" ."\n" .'Valid values: 1 to 100.'."\n" ."\n" .'Default value: 10.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '10', 'title' => ''], ], [ 'name' => 'NextToken', 'in' => 'query', 'schema' => ['description' => 'The pagination token that is used in the next request to retrieve a new page of results. You do not need to specify this parameter for the first request.'."\n" ."\n" .'If the total number of entries exceeds the value of `MaxResults`, the entries are truncated. The system returns the value of `MaxResults` and a `NextToken`. The `IsTruncated` parameter is set to `true`. You can use the returned `NextToken` in the next call to query the remaining entries. Keep the other request parameters unchanged. Repeat this process until the `IsTruncated` parameter is `false`. This indicates that all entries are returned.', 'type' => 'string', 'required' => false, 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], ], [ 'name' => 'Tags', 'in' => 'query', 'style' => 'repeatList', 'schema' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Key' => ['description' => 'The tag key.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => ''], 'Value' => ['description' => 'The tag value.', 'type' => 'string', 'required' => false, 'title' => '', 'example' => ''], ], 'required' => false, 'description' => 'The tag attached to the user.', 'title' => '', 'example' => '', ], 'required' => false, 'maxItems' => 21, 'description' => 'The tags attached to the user.', 'title' => '', 'example' => '', ], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'NextToken' => ['description' => 'A pagination token. It can be used in the next request to retrieve a new page of results.'."\n" ."\n" .'> This parameter is returned only when `IsTruncated` is `true`.', 'type' => 'string', 'example' => 'K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '734D9AAC-9A8E-5DF6-A633-ADE70FF2A9B1', 'title' => ''], 'MaxResults' => ['description' => 'The maximum number of entries returned per page.', 'type' => 'integer', 'format' => 'int32', 'example' => '10', 'title' => ''], 'TotalCounts' => ['description' => 'The total number of entries that meet the filter conditions.', 'type' => 'integer', 'format' => 'int32', 'example' => '2', 'title' => ''], 'IsTruncated' => ['description' => 'Indicates whether the results are truncated. Valid values:'."\n" ."\n" .'- true'."\n" ."\n" .'- false', 'type' => 'boolean', 'example' => 'false', 'title' => ''], 'Users' => [ 'description' => 'The list of users.', 'type' => 'array', 'items' => [ 'description' => 'The details of the user.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the user. Valid values:'."\n" ."\n" .'- Enabled'."\n" ."\n" .'- Disabled', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'UserName' => ['description' => 'The username.', 'type' => 'string', 'example' => 'AliceLee@example.onmicrosoft.com', 'title' => ''], 'Email' => ['description' => 'The email address of the user.', 'type' => 'string', 'example' => 'AliceLee@example.onmicrosoft.com', 'title' => ''], 'Description' => ['description' => 'The description of the user.', 'type' => 'string', 'example' => 'This is a user.', 'title' => ''], 'UserId' => ['description' => 'The user ID.', 'type' => 'string', 'example' => 'u-00bikzkuzbb58luh****', 'title' => ''], 'FirstName' => ['description' => 'The first name of the user.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'CreateTime' => ['description' => 'The time when the user was created. The time is in UTC.', 'type' => 'string', 'example' => '2021-06-30T09:20:08Z', 'title' => ''], 'ProvisionType' => ['description' => 'The type of the user. Valid values:'."\n" ."\n" .'- Manual: The user was manually created.'."\n" ."\n" .'- Synchronized: The user was synchronized from an external IdP.', 'type' => 'string', 'example' => 'Synchronized', 'title' => ''], 'DisplayName' => ['description' => 'The display name of the user.', 'type' => 'string', 'example' => 'AliceLee', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the user was last modified. The time is in UTC.', 'type' => 'string', 'example' => '2021-06-30T09:20:08Z', 'title' => ''], 'LastName' => ['description' => 'The last name of the user.', 'type' => 'string', 'example' => 'Lee', 'title' => ''], 'ExternalId' => [ 'description' => 'The identifier of the user in an external IdP.', 'type' => 'object', 'properties' => [ 'Id' => ['description' => 'The identifier of the user in the external IdP.', 'type' => 'string', 'example' => 'c73******a5fdd5'."\n", 'title' => ''], 'Issuer' => ['description' => 'The channel for external user synchronization. Currently, only SCIM synchronization is supported.', 'type' => 'string', 'example' => 'SCIM', 'title' => ''], ], 'title' => '', 'example' => '', ], 'Tags' => [ 'type' => 'array', 'items' => [ 'type' => 'object', 'properties' => [ 'Key' => ['description' => 'The tag key.', 'type' => 'string', 'title' => '', 'example' => ''], 'Value' => ['description' => 'The tag value.', 'type' => 'string', 'title' => '', 'example' => ''], ], 'description' => 'The tag attached to the user.', 'title' => '', 'example' => '', ], 'description' => 'The tags attached to the user.', 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"NextToken\\": \\"K1c3o9K7pFxoTtxH1Nm7MMLb7zrDGvftYBQBPDVv7AD3a8yhRb3Mk8L9ivmN6bFSjfkZNTAg3h4****\\",\\n \\"RequestId\\": \\"734D9AAC-9A8E-5DF6-A633-ADE70FF2A9B1\\",\\n \\"MaxResults\\": 10,\\n \\"TotalCounts\\": 2,\\n \\"IsTruncated\\": false,\\n \\"Users\\": [\\n {\\n \\"Status\\": \\"Enabled\\",\\n \\"UserName\\": \\"AliceLee@example.onmicrosoft.com\\",\\n \\"Email\\": \\"AliceLee@example.onmicrosoft.com\\",\\n \\"Description\\": \\"This is a user.\\",\\n \\"UserId\\": \\"u-00bikzkuzbb58luh****\\",\\n \\"FirstName\\": \\"Alice\\",\\n \\"CreateTime\\": \\"2021-06-30T09:20:08Z\\",\\n \\"ProvisionType\\": \\"Synchronized\\",\\n \\"DisplayName\\": \\"AliceLee\\",\\n \\"UpdateTime\\": \\"2021-06-30T09:20:08Z\\",\\n \\"LastName\\": \\"Lee\\",\\n \\"ExternalId\\": {\\n \\"Id\\": \\"c73******a5fdd5\\\\n\\",\\n \\"Issuer\\": \\"SCIM\\"\\n },\\n \\"Tags\\": [\\n {\\n \\"Key\\": \\"\\",\\n \\"Value\\": \\"\\"\\n }\\n ]\\n }\\n ]\\n}","type":"json"}]', 'title' => 'ListUsers', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListUsers', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/*'], ], ], ], ], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListUsers'], ], ], ], 'ProvisionAccessConfiguration' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The directory ID.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'TargetType', 'in' => 'query', 'schema' => ['description' => 'The type of the task object. Set the value to RD-Account, which specifies the accounts in the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'RD-Account', 'title' => ''], ], [ 'name' => 'TargetId', 'in' => 'query', 'schema' => ['description' => 'The ID of the task object.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => '114240524784****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.', 'type' => 'object', 'properties' => [ 'Tasks' => [ 'description' => 'The task information.', 'type' => 'array', 'items' => [ 'description' => '', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The task status. Valid values:'."\n" ."\n" .'- InProgress: The task is running.'."\n" ."\n" .'- Success: The task is successful.'."\n" ."\n" .'- Failed: The task failed.', 'type' => 'string', 'example' => 'InProgress', 'title' => ''], 'TaskId' => ['description' => 'The task ID.', 'type' => 'string', 'example' => 't-shqlhd8uvt280rtm****', 'title' => ''], 'TargetPath' => ['description' => 'The path ID of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/r-Wm****/114240524784****', 'title' => ''], 'TargetName' => ['description' => 'The name of the task object.', 'type' => 'string', 'example' => 'dev-test', 'title' => ''], 'TargetId' => ['description' => 'The ID of the task object.', 'type' => 'string', 'example' => '114240524784****', 'title' => ''], 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'ECS-Admin', 'title' => ''], 'TargetPathName' => ['description' => 'The path name of the task object in the resource directory.', 'type' => 'string', 'example' => 'rd-3G****/root/dev-test', 'title' => ''], 'TaskType' => ['description' => 'The task type. The value is fixed as ProvisionAccessConfiguration, which indicates that an access configuration is provisioned.', 'type' => 'string', 'example' => 'ProvisionAccessConfiguration', 'title' => ''], 'TargetType' => ['description' => 'The type of the task object. The value is fixed as RD-Account, which indicates the accounts in the resource directory.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], 'title' => '', 'example' => '', ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'DFDC16B2-4509-5FA6-9FA5-3CD35E4292FB', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'asynchronous', 'callback' => 'cloudsso::2021-05-15::GetTask', 'callbackInterval' => 10000, 'maxCallbackTimes' => 5], 'title' => 'ProvisionAccessConfiguration', 'summary' => 'Provisions an access configuration for an account in your resource directory.', 'description' => 'When you call this operation, an asynchronous task is automatically created. You can call the [GetTask](~~340670~~) operation to query the progress of the task based on the value of the `TaskId` response parameter.'."\n" ."\n" .'This topic provides an example on how to provision the access configuration `ac-00jhtfl8thteu6uj****` for the account `114240524784****` in your resource directory.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ProvisionAccessConfiguration'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:ProvisionAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Tasks\\": [\\n {\\n \\"Status\\": \\"InProgress\\",\\n \\"TaskId\\": \\"t-shqlhd8uvt280rtm****\\",\\n \\"TargetPath\\": \\"rd-3G****/r-Wm****/114240524784****\\",\\n \\"TargetName\\": \\"dev-test\\",\\n \\"TargetId\\": \\"114240524784****\\",\\n \\"AccessConfigurationName\\": \\"ECS-Admin\\",\\n \\"TargetPathName\\": \\"rd-3G****/root/dev-test\\",\\n \\"TaskType\\": \\"ProvisionAccessConfiguration\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"AccessConfigurationId\\": \\"ac-00jhtfl8thteu6uj****\\"\\n }\\n ],\\n \\"RequestId\\": \\"DFDC16B2-4509-5FA6-9FA5-3CD35E4292FB\\"\\n}","type":"json"}]', ], 'RemoveExternalSAMLIdPCertificate' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'CertificateId', 'in' => 'query', 'schema' => ['description' => 'The ID of the certificate.'."\n" ."\n" .'You can call the [ListExternalSAMLIdPCertificates](~~341629~~) operation to query the IDs of certificates.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'idp-c-00dt9gnl7fmjaw9c****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '400979BC-92EC-58B9-B47C-6913BD56A6FD', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"400979BC-92EC-58B9-B47C-6913BD56A6FD\\"\\n}","errorExample":""},{"type":"xml","example":"\\n 400979BC-92EC-58B9-B47C-6913BD56A6FD\\n","errorExample":""}]', 'title' => 'RemoveExternalSAMLIdPCertificate', 'summary' => 'Removes a Security Assertion Markup Language (SAML) signing certificate.', 'description' => 'This topic provides an example on how to remove the SAML signing certificate whose ID is `idp-c-00dt9gnl7fmjaw9c****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:RemoveExternalSAMLIdPCertificate', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'RemovePermissionPolicyFromAccessConfiguration' => [ 'summary' => 'Removes a policy from an access configuration.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'PermissionPolicyType', 'in' => 'query', 'schema' => ['description' => 'The type of the policy. Valid values:'."\n" ."\n" .'- System: system policy.'."\n" ."\n" .'- Inline: inline policy.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'System', 'title' => ''], ], [ 'name' => 'PermissionPolicyName', 'in' => 'query', 'schema' => ['description' => 'The name of the policy.', 'type' => 'string', 'required' => false, 'docRequired' => true, 'example' => 'AliyunECSFullAccess', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '9B13E4EE-3853-5852-9165-597C32AD8FB7', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'RemovePermissionPolicyFromAccessConfiguration', 'description' => 'After you remove an inline policy from an access configuration, the policy cannot be restored.'."\n" ."\n" .'This topic provides an example on how to remove the system policy `AliyunECSFullAccess` from the access configuration `ac-00jhtfl8thteu6uj****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'RemovePermissionPolicyFromAccessConfiguration'], ], ], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:RemovePermissionPolicyFromAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9B13E4EE-3853-5852-9165-597C32AD8FB7\\"\\n}","type":"json"}]', ], 'RemoveUserFromGroup' => [ 'summary' => 'Removes a user from a group.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'delete', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'GroupId', 'in' => 'query', 'schema' => ['description' => 'The ID of the group.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.', 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'F723DE01-6276-5DC4-9B1F-9CBE3E1748B2', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"F723DE01-6276-5DC4-9B1F-9CBE3E1748B2\\"\\n}","errorExample":""},{"type":"xml","example":"\\n F723DE01-6276-5DC4-9B1F-9CBE3E1748B2\\n","errorExample":""}]', 'title' => 'RemoveUserFromGroup', 'description' => 'If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot remove a user from a group that is synchronized by using SCIM.'."\n" ."\n" .'This topic provides an example on how to remove the user `u-00q8wbq42wiltcrk****` from the group `g-00jqzghi2n3o5hkh****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'RemoveUserFromGroup'], ], ], 'ramActions' => [ [ 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:RemoveUserFromGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], ], 'ResetUserPassword' => [ 'summary' => 'Resets the password of a user.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'Password', 'in' => 'query', 'schema' => ['description' => 'The new password.'."\n" ."\n" .'The password must contain the following types of characters: uppercase letters, lowercase letters, digits, and special characters.'."\n" ."\n" .'The password must be 8 to 32 characters in length.'."\n" ."\n" .'> If you set `GenerateRandomPassword` to `False`, you must specify `Password`.', 'type' => 'string', 'required' => false, 'example' => 'uc)XK$?ictf72CKFDy9vtWaFmISl****', 'title' => ''], ], [ 'name' => 'GenerateRandomPassword', 'in' => 'query', 'schema' => ['description' => 'Specifies whether to enable the system to automatically generate a new password. Valid values:'."\n" ."\n" .'- True: The new password is automatically generated by the system.'."\n" ."\n" .'- False: The new password must be manually specified. This is the default value.', 'type' => 'boolean', 'required' => false, 'example' => 'True', 'title' => ''], ], [ 'name' => 'RequirePasswordResetForNextLogin', 'in' => 'query', 'schema' => ['description' => 'Specifies whether password reset is required upon the next logon. Valid values:'."\n" ."\n" .'- True: Password reset is required upon the next logon.'."\n" ."\n" .'- False: Password reset is not required upon the next logon. This is the default value.', 'type' => 'boolean', 'required' => false, 'example' => 'False', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'NewPassword' => ['description' => 'The new password.'."\n" ."\n" .'> This parameter is returned only when the new password is automatically generated by the system.', 'type' => 'string', 'example' => 'W2koInFIm0Wy2wVZ$oB)MzD$nY!G****', 'title' => ''], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'F44F02EC-70D1-5E51-8E8E-FA9AC4EF952A', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'ResetUserPassword', 'description' => 'If a user forgets the password, the password expires, or the password poses security risks, a CloudSSO administrator can reset the password for the user.'."\n" ."\n" .'> After you enable single sign-on (SSO) logon, the password of a user cannot be reset.'."\n" ."\n" .'This topic provides an example on how to reset the password of the user `u-00q8wbq42wiltcrk****`. The new password is automatically generated by the system.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ResetUserPassword'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:ResetUserPassword', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"NewPassword\\": \\"W2koInFIm0Wy2wVZ$oB)MzD$nY!G****\\",\\n \\"RequestId\\": \\"F44F02EC-70D1-5E51-8E8E-FA9AC4EF952A\\"\\n}","type":"json"}]', ], 'RetryUserProvisioningEvent' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'EventId', 'in' => 'query', 'schema' => ['description' => 'The ID of the RAM user provisioning event.'."\n" ."\n" .'You can call the [ListUserProvisioningEvents](~~2636305~~) operation to query the value of `EventId`.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'upe-wjKyNDmZvyZOiRcJ****', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-003qew84****', 'title' => ''], ], [ 'name' => 'DuplicationStrategy', 'in' => 'query', 'schema' => ['description' => 'The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:'."\n" ."\n" .'* KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.'."\n" .'* TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'KeepBoth', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'F6F90F3D-4502-5877-B80B-97476F6AE2CC', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'asynchronous', 'callback' => 'cloudsso::2021-05-15::GetUserProvisioningEvent', 'callbackInterval' => 10000, 'maxCallbackTimes' => 5], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"F6F90F3D-4502-5877-B80B-97476F6AE2CC\\"\\n}","errorExample":""},{"type":"xml","example":"\\n 69A4AB33-****-****-****-29AA0B56****\\n","errorExample":""}]', 'title' => 'RetryUserProvisioningEvent', 'summary' => 'Retries a Resource Access Management (RAM) user provisioning event.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:RetryUserProvisioningEvent', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ], ], ], ], ], 'SetExternalSAMLIdentityProvider' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'EncodedMetadataDocument', 'in' => 'query', 'schema' => ['description' => 'The metadata file of the IdP. The value of this parameter is Base64-encoded.'."\n" ."\n" .'The file is provided by the IdP that supports SAML 2.0.'."\n", 'type' => 'string', 'required' => false, 'example' => 'PD94bWwgdmVyc2lvbj0iMS4****', 'title' => ''], ], [ 'name' => 'SSOStatus', 'in' => 'query', 'schema' => ['description' => 'The status of SSO logon. Valid values:'."\n" ."\n" .'* Enabled'."\n" .'* Disabled (default)'."\n", 'type' => 'string', 'required' => false, 'example' => 'Disabled', 'title' => ''], ], [ 'name' => 'EntityId', 'in' => 'query', 'schema' => ['description' => 'The entity ID of the IdP.'."\n", 'type' => 'string', 'required' => false, 'example' => 'http://www.okta.com/exk3qwgtjhetR2Od****', 'title' => ''], ], [ 'name' => 'LoginUrl', 'in' => 'query', 'schema' => ['description' => 'The logon URL of the IdP.'."\n", 'type' => 'string', 'required' => false, 'example' => 'https://dev-xxxxxx.okta.com/app/dev-xxxxxx_cloudssodemo_1/exk3qwgtjhetR2Od****/sso/saml', 'title' => ''], ], [ 'name' => 'WantRequestSigned', 'in' => 'query', 'schema' => ['description' => 'Specifies whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:'."\n" ."\n" .'* true'."\n" .'* false (default)'."\n", 'type' => 'boolean', 'required' => false, 'example' => 'false', 'title' => ''], ], [ 'name' => 'X509Certificate', 'in' => 'query', 'schema' => ['description' => 'The X.509 certificate in the PEM format. If you specify this parameter, all existing certificates are replaced.'."\n", 'type' => 'string', 'required' => false, 'example' => 'MIIC8DCCAdigAwIBAgIQP9eomUYGeoND****', 'title' => ''], ], [ 'name' => 'BindingType', 'in' => 'query', 'schema' => ['description' => 'The binding for sending SAML requests. Valid values:'."\n" ."\n" .'* Post: HTTP Post bindings.'."\n" .'* Redirect: HTTP Redirect bindings.'."\n", 'type' => 'string', 'required' => false, 'example' => 'Redirect', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '63160579-2E1B-57B0-8273-B27427172385', 'title' => ''], 'SAMLIdentityProviderConfiguration' => [ 'description' => 'The configurations of the IdP.'."\n", 'type' => 'object', 'properties' => [ 'EntityId' => ['description' => 'The entity ID of the IdP.'."\n", 'type' => 'string', 'example' => 'http://www.okta.com/exk3qwgtjhetR2Od****', 'title' => ''], 'SSOStatus' => ['description' => 'The status of SSO logon. Valid values:'."\n" ."\n" .'* Enabled'."\n" .'* Disabled'."\n", 'type' => 'string', 'example' => 'Disabled', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'EncodedMetadataDocument' => ['description' => 'The metadata file of the IdP. The value of this parameter is Base64-encoded.'."\n", 'type' => 'string', 'example' => 'PD94bWwgdmVyc2lvbj0iMS4****', 'title' => ''], 'CreateTime' => ['description' => 'The time when the IdP was configured for the first time.'."\n", 'type' => 'string', 'example' => '2021-11-10T02:57:16Z', 'title' => ''], 'WantRequestSigned' => ['description' => 'Indicates whether CloudSSO needs to sign SAML requests. The requests are sent when users log on to the CloudSSO user portal to initiate SAML-based SSO. Valid values:'."\n" ."\n" .'* true'."\n" .'* false (default)'."\n", 'type' => 'boolean', 'example' => 'false', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the IdP configurations were last modified.'."\n", 'type' => 'string', 'example' => '2021-11-10T02:57:16Z', 'title' => ''], 'CertificateIds' => [ 'description' => 'The IDs of the SAML signing certificates.'."\n", 'type' => 'array', 'items' => ['description' => 'The ID of the SAML signing certificate.'."\n" ."\n" .'Multiple IDs are separated by commas (,).'."\n", 'type' => 'string', 'example' => '[ "idp-c-00buzdx63z8ewtdf****", "idp-c-00gmuxnr2mrek3t2****" ]', 'title' => ''], 'title' => '', ], 'LoginUrl' => ['description' => 'The logon URL of the IdP.'."\n", 'type' => 'string', 'example' => 'https://dev-xxxxxx.okta.com/app/dev-xxxxxx_cloudssodemo_1/exk3qwgtjhetR2Od****/sso/saml', 'title' => ''], 'BindingType' => ['description' => 'The binding for sending SAML requests. Valid values:'."\n" ."\n" .'* Post: HTTP Post bindings.'."\n" .'* Redirect: HTTP Redirect bindings.'."\n", 'type' => 'string', 'example' => 'Redirect', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"63160579-2E1B-57B0-8273-B27427172385\\",\\n \\"SAMLIdentityProviderConfiguration\\": {\\n \\"EntityId\\": \\"http://www.okta.com/exk3qwgtjhetR2Od****\\",\\n \\"SSOStatus\\": \\"Disabled\\",\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"EncodedMetadataDocument\\": \\"PD94bWwgdmVyc2lvbj0iMS4****\\",\\n \\"CreateTime\\": \\"2021-11-10T02:57:16Z\\",\\n \\"WantRequestSigned\\": false,\\n \\"UpdateTime\\": \\"2021-11-10T02:57:16Z\\",\\n \\"CertificateIds\\": [\\n \\"[ \\\\\\"idp-c-00buzdx63z8ewtdf****\\\\\\", \\\\\\"idp-c-00gmuxnr2mrek3t2****\\\\\\" ]\\"\\n ],\\n \\"LoginUrl\\": \\"https://dev-xxxxxx.okta.com/app/dev-xxxxxx_cloudssodemo_1/exk3qwgtjhetR2Od****/sso/saml\\",\\n \\"BindingType\\": \\"Redirect\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n 63160579-2E1B-57B0-8273-B27427172385\\n \\n http://www.okta.com/exk3qwgtjhetR2Od****\\n Disabled\\n d-00fc2p61****\\n PD94bWwgdmVyc2lvbj0iMS4****\\n 2021-11-10T02:57:16Z\\n false\\n 2021-11-10T02:57:16Z\\n idp-c-00buzdx63z8ewtdf****\\n idp-c-00gmuxnr2mrek3t2****\\n https://dev-xxxxxx.okta.com/app/dev-xxxxxx_cloudssodemo_1/exk3qwgtjhetR2Od****/sso/saml\\n \\n","errorExample":""}]', 'title' => 'SetExternalSAMLIdentityProvider', 'summary' => 'Configures a Security Assertion Markup Language (SAML) identity provider (IdP).', 'description' => 'During SAML 2.0-based single sign-on (SSO) logon, CloudSSO is a service provider (SP), and the identity management system of an enterprise is an IdP.'."\n" ."\n" .'You can use one of the following methods to configure a SAML IdP. You can obtain the required metadata file or parameter values from your IdP.'."\n" ."\n" .'* Use the metadata file: You can specify the `EncodedMetadataDocument` parameter to upload the metadata file.'."\n" .'* Manually configure the IdP: You can manually specify the following parameters for your IdP: `EntityId`, `LoginUrl`, `WantRequestSigned`, and `X509Certificate`.'."\n" ."\n" .'If you have configured a SAML IdP, the existing configurations are replaced after you call this operation.'."\n" ."\n" .'* If the IdP is configured by using the metadata file, all existing configurations are replaced with new configurations.'."\n" .'* If the IdP is manually configured, the original parameter values that are different from the new parameter values are replaced.'."\n" ."\n" .'> If SSO logon is enabled, new configurations immediately take effect. Take note of the impacts on the production environment.'."\n" ."\n" .'This topic provides an example on how to configure an IdP by using the metadata file within the directory `d-00fc2p61****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetExternalSAMLIdentityProvider', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'SetLoginPreference' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'LoginNetworkMasks', 'in' => 'query', 'schema' => ['description' => 'The IP address whitelist. CloudSSO users can log on to the CloudSSO user portal only by using the IP addresses in the whitelist. Limits:'."\n" ."\n" .'* You can enter IP addresses or CIDR blocks. IPv4 addresses are supported.'."\n" .'* You can enter up to 100 IP addresses or CIDR blocks. Separate multiple IP addresses or CIDR blocks with semicolons `(;)`.'."\n" .'* If you do not specify this parameter, the original settings are retained.'."\n" .'* If you set this parameter to a semicolon (`;`), the value of this parameter is cleared.'."\n" .'* The IP address whitelist takes effect only on CloudSSO users who want to log on to the CloudSSO user portal by using the username-password logon or single sign-on (SSO) method. The IP address whitelist does not take effect on CloudSSO users who access accounts in a resource directory from the CloudSSO user portal.'."\n", 'type' => 'string', 'required' => false, 'example' => '192.168.0.0/16;10.0.0.0/8', 'title' => ''], ], [ 'name' => 'AllowUserToGetCredentials', 'in' => 'query', 'schema' => ['description' => 'Specifies whether to allow a user to obtain the application access credential after logon to the portal. Valid values:'."\n" ."\n" .'* True'."\n" .'* False (default)'."\n", 'type' => 'boolean', 'required' => false, 'example' => 'True', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned result.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '9B13E4EE-3853-5852-9165-597C32AD8FB7', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9B13E4EE-3853-5852-9165-597C32AD8FB7\\"\\n}","type":"json"}]', 'title' => 'SetLoginPreference', 'summary' => 'Configures the logon preference of CloudSSO users.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetLoginPreference', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'SetMFAAuthenticationStatus' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'MFAAuthenticationStatus', 'in' => 'query', 'schema' => ['description' => 'The status of MFA. Valid values:'."\n" ."\n" .'* Enabled'."\n" .'* Disabled'."\n", 'type' => 'string', 'required' => false, 'example' => 'Enabled', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '14E2B1A9-7713-5E6F-8409-8DE12DF51AF4', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"14E2B1A9-7713-5E6F-8409-8DE12DF51AF4\\"\\n}","errorExample":""},{"type":"xml","example":"\\n 14E2B1A9-7713-5E6F-8409-8DE12DF51AF4\\n","errorExample":""}]', 'title' => 'SetMFAAuthenticationStatus', 'summary' => 'Enables or disables multi-factor authentication (MFA) for users in a directory.', 'description' => 'If a CloudSSO administrator enables username-password logon for users, CloudSSO automatically enables MFA to improve security. The administrator can call this operation to enable or disable MFA based on the business requirements.'."\n" ."\n" .'This topic provides an example on how to enable MFA for users.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetMFAAuthenticationStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'SetPasswordPolicy' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'MinPasswordLength', 'in' => 'query', 'schema' => ['description' => 'The minimum password length.'."\n" ."\n" .'Valid values: 8 to 32 characters.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '8', 'title' => ''], ], [ 'name' => 'MinPasswordDifferentChars', 'in' => 'query', 'schema' => ['description' => 'The minimum number of unique characters in a password.'."\n" ."\n" .'The minimum value is 0, which specifies that the minimum number of unique characters in a password is not limited. The maximum value is the value of the `MinPasswordLength` parameter.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '8', 'title' => ''], ], [ 'name' => 'PasswordNotContainUsername', 'in' => 'query', 'schema' => ['description' => 'Specifies whether a password can contain the username. Valid value:'."\n" ."\n" .'* true: A password cannot contain the username.'."\n" .'* false: A password can contain the username.'."\n", 'type' => 'boolean', 'required' => false, 'example' => 'true', 'title' => ''], ], [ 'name' => 'MaxPasswordAge', 'in' => 'query', 'schema' => ['description' => 'The validity period of a password.'."\n" ."\n" .'Valid values: 1 to 120. Unit: days.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '90', 'title' => ''], ], [ 'name' => 'PasswordReusePrevention', 'in' => 'query', 'schema' => ['description' => 'The policy for password history check.'."\n" ."\n" .'The previous N passwords cannot be reused. Valid values of N: 0 to 24. The value 0 specifies that all historical passwords can be reused.'."\n" ."\n" .'> Passwords that are generated before January 5, 2024 are not counted as historical passwords.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '1', 'title' => ''], ], [ 'name' => 'MaxLoginAttempts', 'in' => 'query', 'schema' => ['description' => 'The number of password retries.'."\n" ."\n" .'If you enter wrong passwords for the specified consecutive times, the account is locked for 1 hour.'."\n" ."\n" .'Valid values: 0 to 32. The value 0 specifies that the number of password retries is not limited.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '5', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned result.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '768F908D-A66A-5A5D-816C-20C93CBBFEE3', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"768F908D-A66A-5A5D-816C-20C93CBBFEE3\\"\\n}","type":"json"}]', 'title' => 'SetPasswordPolicy', 'summary' => 'Configures a password policy for CloudSSO users.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetPasswordPolicy', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'SetSCIMSynchronizationStatus' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'SCIMSynchronizationStatus', 'in' => 'query', 'schema' => ['description' => 'The status of SCIM synchronization. Valid values:'."\n" ."\n" .'* Enabled'."\n" .'* Disabled'."\n", 'type' => 'string', 'required' => false, 'example' => 'Enabled', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => '3BF1FC78-5D20-54CC-BAEB-8CC33AE21D01', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"3BF1FC78-5D20-54CC-BAEB-8CC33AE21D01\\"\\n}","errorExample":""},{"type":"xml","example":"\\n 3BF1FC78-5D20-54CC-BAEB-8CC33AE21D01\\n","errorExample":""}]', 'title' => 'SetSCIMSynchronizationStatus', 'summary' => 'Enables or disables System for Cross-domain Identity Management (SCIM) synchronization.', 'description' => 'You can synchronize users or groups from an external identity provider (IdP) that supports SCIM 2.0 to CloudSSO only after SCIM synchronization is enabled. If you disable SCIM synchronization, you can no longer synchronize users or groups to CloudSSO. The following list describes the impacts after SCIM synchronization is enabled or disabled:'."\n" ."\n" .'* After you enable SCIM synchronization, you cannot modify or delete the users or groups that are synchronized to CloudSSO by using SCIM. In addition, you cannot add users to or remove users from the groups. However, you can change the passwords of the users and enable or disable the logon of the users.'."\n" .'* After you disable SCIM synchronization, you can modify and delete the users and groups that are synchronized to CloudSSO by using SCIM. You can also add users to or remove users from the groups.'."\n" ."\n" .'This topic provides an example on how to enable SCIM synchronization within the directory `d-00fc2p61****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetSCIMSynchronizationStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'UpdateAccessConfiguration' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'NewDescription', 'in' => 'query', 'schema' => ['description' => 'The new description of the access configuration.'."\n" ."\n" .'The description can be up to 1,024 characters in length.', 'type' => 'string', 'required' => false, 'example' => 'This is an access configuration.', 'title' => ''], ], [ 'name' => 'NewSessionDuration', 'in' => 'query', 'schema' => ['description' => 'The new duration of a session'."\n" ."\n" .'in which a CloudSSO user accesses an account in your resource directory by using the access configuration.'."\n" ."\n" .'Unit: seconds.'."\n" ."\n" .'Valid values: 900 to 43200. The value 900 indicates 15 minutes. The value 43200 indicates 12 hours.', 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '3600', 'title' => ''], ], [ 'name' => 'NewRelayState', 'in' => 'query', 'schema' => ['description' => 'The new initial web page'."\n" ."\n" .'that is displayed after a CloudSSO user accesses an account in your resource directory by using the access configuration.'."\n" ."\n" .'The web page must be a page of the Alibaba Cloud Management Console.', 'type' => 'string', 'required' => false, 'example' => 'https://cloudsso.console.aliyun.com', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '9B13E4EE-3853-5852-9165-597C32AD8FB7', 'title' => ''], 'AccessConfiguration' => [ 'description' => 'The information about the access configuration.', 'type' => 'object', 'properties' => [ 'AccessConfigurationName' => ['description' => 'The name of the access configuration.', 'type' => 'string', 'example' => 'ECS-Admin', 'title' => ''], 'SessionDuration' => ['description' => 'The duration of a session'."\n" ."\n" .'in which a CloudSSO user accesses an account in your resource directory by using the access configuration.'."\n" ."\n" .'Unit: seconds.', 'type' => 'integer', 'format' => 'int32', 'example' => '3600', 'title' => ''], 'Description' => ['description' => 'The description of the access configuration.', 'type' => 'string', 'example' => 'This is an access configuration.', 'title' => ''], 'RelayState' => ['description' => 'The initial web page'."\n" ."\n" .'that is displayed after a CloudSSO user accesses an account in your resource directory by using the access configuration.', 'type' => 'string', 'example' => 'https://cloudsso.console.aliyun.com', 'title' => ''], 'CreateTime' => ['description' => 'The time when the access configuration was created.', 'type' => 'string', 'example' => '2021-11-02T08:44:23Z', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the information about the access configuration was modified.', 'type' => 'string', 'example' => '2021-11-02T10:10:01Z', 'title' => ''], 'StatusNotifications' => [ 'description' => 'The status notifications.', 'type' => 'array', 'items' => ['description' => 'The status notification. Valid values:'."\n" ."\n" .'- Empty: No status notifications are sent.'."\n" ."\n" .'- ReprovisionRequired: The access configuration needs to be re-provisioned.', 'type' => 'string', 'example' => 'ReprovisionRequired', 'title' => ''], 'title' => '', 'example' => '', ], 'AccessConfigurationId' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'UpdateAccessConfiguration', 'summary' => 'Modifies information about an access configuration.', 'description' => 'You can modify the `Description`, `SessionDuration`, and `RelayState` parameters for an access configuration.'."\n" ."\n" .'This topic provides an example on how to change the initial web page in the access configuration `ac-00jhtfl8thteu6uj****` to `https://cloudsso.console.aliyun.com`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateAccessConfiguration'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9B13E4EE-3853-5852-9165-597C32AD8FB7\\",\\n \\"AccessConfiguration\\": {\\n \\"AccessConfigurationName\\": \\"ECS-Admin\\",\\n \\"SessionDuration\\": 3600,\\n \\"Description\\": \\"This is an access configuration.\\",\\n \\"RelayState\\": \\"https://cloudsso.console.aliyun.com\\",\\n \\"CreateTime\\": \\"2021-11-02T08:44:23Z\\",\\n \\"UpdateTime\\": \\"2021-11-02T10:10:01Z\\",\\n \\"StatusNotifications\\": [\\n \\"ReprovisionRequired\\"\\n ],\\n \\"AccessConfigurationId\\": \\"ac-00jhtfl8thteu6uj****\\"\\n }\\n}","type":"json"}]', ], 'UpdateDirectory' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'NewDirectoryName', 'in' => 'query', 'schema' => ['description' => 'The new name of the directory. The name must be globally unique.'."\n" ."\n" .'The name can contain lowercase letters, digits, and hyphens (-). The name cannot start or end with a hyphen (-) and cannot contain two consecutive hyphens (-). If you want the new name of the directory to start with `d-`, you must set this parameter to the ID of the directory.'."\n" ."\n" .'The name must be 2 to 64 characters in length.'."\n", 'type' => 'string', 'required' => false, 'example' => 'new-example', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'B182C041-8C64-5F2F-A07B-FC67FAF89CF9', 'title' => ''], 'Directory' => [ 'description' => 'The information about the directory.'."\n", 'type' => 'object', 'properties' => [ 'DirectoryId' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'CreateTime' => ['description' => 'The time when the directory was created.'."\n", 'type' => 'string', 'example' => '2021-06-30T08:35:26Z', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the directory was modified.'."\n", 'type' => 'string', 'example' => '2021-10-25T09:13:24Z', 'title' => ''], 'Region' => ['description' => 'The region ID of the directory.'."\n", 'type' => 'string', 'example' => 'cn-shanghai', 'title' => ''], 'DirectoryName' => ['description' => 'The name of the directory.'."\n", 'type' => 'string', 'example' => 'new-example', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"B182C041-8C64-5F2F-A07B-FC67FAF89CF9\\",\\n \\"Directory\\": {\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"CreateTime\\": \\"2021-06-30T08:35:26Z\\",\\n \\"UpdateTime\\": \\"2021-10-25T09:13:24Z\\",\\n \\"Region\\": \\"cn-shanghai\\",\\n \\"DirectoryName\\": \\"new-example\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n B182C041-8C64-5F2F-A07B-FC67FAF89CF9\\n \\n d-00fc2p61****\\n 2021-06-30T08:35:26Z\\n 2021-10-25T09:13:24Z\\n cn-shanghai\\n new-example\\n \\n","errorExample":""}]', 'title' => 'UpdateDirectory', 'summary' => 'Changes the name of a directory.', 'description' => 'After you change the name of a directory, the URL that is used to log on to the CloudSSO user portal is changed. You must notify the CloudSSO users of the correct URL.'."\n" ."\n" .'This topic provides an example on how to change the name of a directory to `new-example`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateDirectory', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'UpdateGroup' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'GroupId', 'in' => 'query', 'schema' => ['description' => 'The ID of the group.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], [ 'name' => 'NewGroupName', 'in' => 'query', 'schema' => ['description' => 'The new name of the group.', 'type' => 'string', 'required' => false, 'example' => 'NewTestGroup', 'title' => ''], ], [ 'name' => 'NewDescription', 'in' => 'query', 'schema' => ['description' => 'The new description of the group.', 'type' => 'string', 'required' => false, 'example' => 'This is a group.', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'Group' => [ 'description' => 'The information about the group.', 'type' => 'object', 'properties' => [ 'GroupName' => ['description' => 'The name of the group.', 'type' => 'string', 'example' => 'NewTestGroup', 'title' => ''], 'Description' => ['description' => 'The description of the group.', 'type' => 'string', 'example' => 'This is a group.', 'title' => ''], 'CreateTime' => ['description' => 'The time when the group was created.', 'type' => 'string', 'example' => '2021-11-01T02:38:27Z', 'title' => ''], 'ProvisionType' => ['description' => 'The type of the group. Valid values:'."\n" ."\n" .'- Manual: The group is manually created.'."\n" ."\n" .'- Synchronized: The group is synchronized from an external identity provider (IdP).', 'type' => 'string', 'example' => 'Manual', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the group was modified.', 'type' => 'string', 'example' => '2021-11-01T06:06:11Z', 'title' => ''], 'GroupId' => ['description' => 'The ID of the group.', 'type' => 'string', 'example' => 'g-00jqzghi2n3o5hkh****', 'title' => ''], ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'F723DE01-6276-5DC4-9B1F-9CBE3E1748B2', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'UpdateGroup', 'summary' => 'Modifies the information about a group.', 'description' => 'You can modify `GroupName` and `Description` for a group.'."\n" ."\n" .'> If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot modify information about a group that is synchronized by using SCIM.'."\n" ."\n" .'This topic provides an example on how to modify the name of the group `g-00jqzghi2n3o5hkh****` to `NewTestGroup`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateGroup'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"Group\\": {\\n \\"GroupName\\": \\"NewTestGroup\\",\\n \\"Description\\": \\"This is a group.\\",\\n \\"CreateTime\\": \\"2021-11-01T02:38:27Z\\",\\n \\"ProvisionType\\": \\"Manual\\",\\n \\"UpdateTime\\": \\"2021-11-01T06:06:11Z\\",\\n \\"GroupId\\": \\"g-00jqzghi2n3o5hkh****\\"\\n },\\n \\"RequestId\\": \\"F723DE01-6276-5DC4-9B1F-9CBE3E1748B2\\"\\n}","type":"json"}]', ], 'UpdateInlinePolicyForAccessConfiguration' => [ 'summary' => 'Modifies an inline policy that is created for an access configuration.', 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'AccessConfigurationId', 'in' => 'query', 'schema' => ['description' => 'The ID of the access configuration.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'ac-00jhtfl8thteu6uj****', 'title' => ''], ], [ 'name' => 'InlinePolicyName', 'in' => 'query', 'schema' => ['description' => 'The name of the inline policy.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'InlinePolicy', 'title' => ''], ], [ 'name' => 'NewInlinePolicyDocument', 'in' => 'query', 'schema' => ['description' => 'The new configurations of the inline policy.'."\n" ."\n" .'The value can be up to 4,096 characters in length.'."\n" ."\n" .'For more information about the syntax and structure of RAM policies, see [Policy syntax and structure](~~93739~~).', 'type' => 'string', 'required' => false, 'example' => '{"Statement": [{"Action": "*","Effect": "Allow","Resource": "*"}],"Version": "1"}', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '9B13E4EE-3853-5852-9165-597C32AD8FB7', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'UpdateInlinePolicyForAccessConfiguration', 'description' => 'This topic provides an example on how to modify an inline policy that is created for the access configuration `ac-00jhtfl8thteu6uj****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateInlinePolicyForAccessConfiguration'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateInlinePolicyForAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"9B13E4EE-3853-5852-9165-597C32AD8FB7\\"\\n}","type":"json"}]', ], 'UpdateMFAAuthenticationSettings' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'MFAAuthenticationSettings', 'in' => 'query', 'schema' => ['description' => 'Specifies whether to enable MFA for all users. Valid values:'."\n" ."\n" .'* Enabled: enables MFA for all users.'."\n" .'* Byuser: uses user-specific settings. For more information about how to configure MFA for a single user, see [UpdateUserMFAAuthenticationSettings](~~450135~~).'."\n" .'* Disabled: disables MFA for all users.'."\n" .'* OnlyRiskyLogin: MFA is required only for unusual logons.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'Enabled', 'title' => ''], ], [ 'name' => 'OperationForRiskLogin', 'in' => 'query', 'schema' => ['description' => 'Specifies whether MFA is required for users who initiated unusual logons. Valid values:'."\n" ."\n" .'Autonomous: MFA is prompted for users who initiated unusual logons. However, the users are allowed to skip MFA. If an MFA device is bound to a user who initiated an unusual logon, the user must pass MFA. EnforceVerify: MFA is required. If no MFA devices are bound to a user who initiated an unusual logon, the user must bind an MFA device. If an MFA device is already bound to a user who initiated an unusual logon, the user must pass MFA.'."\n", 'type' => 'string', 'required' => false, 'example' => 'Autonomous', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'A1C748E3-8944-5593-81BC-7D96AE24F77B', 'title' => ''], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"A1C748E3-8944-5593-81BC-7D96AE24F77B\\"\\n}","errorExample":""},{"type":"xml","example":"\\n A1C748E3-8944-5593-81BC-7D96AE24F77B\\n","errorExample":""}]', 'title' => 'UpdateMFAAuthenticationSettings', 'summary' => 'Modifies the multi-factor authentication (MFA) setting of all users.', 'description' => 'If you enable username-password logon for CloudSSO users, you can also configure MFA for the users.'."\n" ."\n" .'This topic provides an example on how to enable MFA for all CloudSSO users that belong to the directory named `d-00fc2p61****`.'."\n", 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateMFAAuthenticationSettings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'UpdateSCIMServerCredentialStatus' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'CredentialId', 'in' => 'query', 'schema' => ['description' => 'The ID of the SCIM credential.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'scimcred-004whl0kvfwcypbi****', 'title' => ''], ], [ 'name' => 'NewStatus', 'in' => 'query', 'schema' => ['description' => 'The new status of the SCIM credential. Valid values:'."\n" ."\n" .'- Enabled: The SCIM credential is enabled.'."\n" ."\n" .'- Disabled: The SCIM credential is disabled.', 'type' => 'string', 'required' => false, 'example' => 'Disabled', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '7C086C2F-1C66-57B3-B14E-2C1DA70727CD', 'title' => ''], 'SCIMServerCredential' => [ 'description' => 'The information about the SCIM credential.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the SCIM credential. Valid values:'."\n" ."\n" .'- Enabled: The SCIM credential is enabled.'."\n" ."\n" .'- Disabled: The SCIM credential is disabled.', 'type' => 'string', 'example' => 'Disabled', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the directory.', 'type' => 'string', 'example' => 'd-00fc2p61****', 'title' => ''], 'CredentialId' => ['description' => 'The ID of the SCIM credential.', 'type' => 'string', 'example' => 'scimcred-004whl0kvfwcypbi****', 'title' => ''], 'CreateTime' => ['description' => 'The time when the SCIM credential was created.', 'type' => 'string', 'example' => '2021-11-09T08:12:52Z', 'title' => ''], 'CredentialType' => ['description' => 'The type of the SCIM credential.', 'type' => 'string', 'example' => 'BearerToken', 'title' => ''], 'ExpireTime' => ['description' => 'The time when the SCIM credential expires.', 'type' => 'string', 'example' => '2022-11-09T08:12:52Z', 'title' => ''], ], 'title' => '', 'example' => '', ], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'UpdateSCIMServerCredentialStatus', 'summary' => 'Enables or disables a System for Cross-domain Identity Management (SCIM) credential.', 'description' => 'This topic provides an example on how to disable the SCIM credential whose ID is `scimcred-004whl0kvfwcypbi****`. After the SCIM credential is disabled, the synchronization task that uses the SCIM credential fails. You can call this operation again to enable the SCIM credential.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateSCIMServerCredentialStatus'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateSCIMServerCredentialStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'SCIMServerCredential', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/scim-credential/{#CredentialId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"7C086C2F-1C66-57B3-B14E-2C1DA70727CD\\",\\n \\"SCIMServerCredential\\": {\\n \\"Status\\": \\"Disabled\\",\\n \\"DirectoryId\\": \\"d-00fc2p61****\\",\\n \\"CredentialId\\": \\"scimcred-004whl0kvfwcypbi****\\",\\n \\"CreateTime\\": \\"2021-11-09T08:12:52Z\\",\\n \\"CredentialType\\": \\"BearerToken\\",\\n \\"ExpireTime\\": \\"2022-11-09T08:12:52Z\\"\\n }\\n}","type":"json"}]', ], 'UpdateUser' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'NewFirstName', 'in' => 'query', 'schema' => ['description' => 'The new first name of the user.', 'type' => 'string', 'required' => false, 'example' => 'Alice', 'title' => ''], ], [ 'name' => 'NewLastName', 'in' => 'query', 'schema' => ['description' => 'The new last name of the user.', 'type' => 'string', 'required' => false, 'example' => 'Lee', 'title' => ''], ], [ 'name' => 'NewDisplayName', 'in' => 'query', 'schema' => ['description' => 'The new display name of the user.', 'type' => 'string', 'required' => false, 'example' => 'AliceLee', 'title' => ''], ], [ 'name' => 'NewDescription', 'in' => 'query', 'schema' => ['description' => 'The new description of the user.', 'type' => 'string', 'required' => false, 'example' => 'This is a user.', 'title' => ''], ], [ 'name' => 'NewEmail', 'in' => 'query', 'schema' => ['description' => 'The new email address of the user.', 'type' => 'string', 'required' => false, 'example' => 'AliceLee@example.com', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'User' => [ 'description' => 'The information about the user.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the user. Valid values:'."\n" ."\n" .'- Enabled: The logon of the user is enabled.'."\n" ."\n" .'- Disabled: The logon of the user is disabled.', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'UserName' => ['description' => 'The username of the user.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'Email' => ['description' => 'The email address of the user.', 'type' => 'string', 'example' => 'AliceLee@example.com', 'title' => ''], 'Description' => ['description' => 'The description of the user.', 'type' => 'string', 'example' => 'This is a user.', 'title' => ''], 'UserId' => ['description' => 'The ID of the user.', 'type' => 'string', 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], 'FirstName' => ['description' => 'The first name of the user.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'CreateTime' => ['description' => 'The time when the user was created. The value is displayed in UTC.', 'type' => 'string', 'example' => '2021-10-26T03:03:42Z', 'title' => ''], 'ProvisionType' => ['description' => 'The type of the user. Valid values:'."\n" ."\n" .'- Manual: The user is manually created.'."\n" ."\n" .'- Synchronized: The user is synchronized from an external identity provider (IdP).', 'type' => 'string', 'example' => 'Manual', 'title' => ''], 'DisplayName' => ['description' => 'The display name of the user.', 'type' => 'string', 'example' => 'Alice', 'title' => ''], 'UpdateTime' => ['description' => 'The time when the information about the user was modified. The value is displayed in UTC.', 'type' => 'string', 'example' => '2021-10-26T07:32:32Z', 'title' => ''], 'LastName' => ['description' => 'The last name of the user.', 'type' => 'string', 'example' => 'Lee', 'title' => ''], ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'F44F02EC-70D1-5E51-8E8E-FA9AC4EF952A', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'UpdateUser', 'summary' => 'Modifies information about a user.', 'description' => 'You can modify `FirstName`, `LastName`, `DisplayName`, `Email`, and `Description` for a user. You cannot modify `UserName` for a user.'."\n" ."\n" .'> If System for Cross-domain Identity Management (SCIM) synchronization is enabled, you cannot modify information about a user that is synchronized by using SCIM.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateUser'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"User\\": {\\n \\"Status\\": \\"Enabled\\",\\n \\"UserName\\": \\"Alice\\",\\n \\"Email\\": \\"AliceLee@example.com\\",\\n \\"Description\\": \\"This is a user.\\",\\n \\"UserId\\": \\"u-00q8wbq42wiltcrk****\\",\\n \\"FirstName\\": \\"Alice\\",\\n \\"CreateTime\\": \\"2021-10-26T03:03:42Z\\",\\n \\"ProvisionType\\": \\"Manual\\",\\n \\"DisplayName\\": \\"Alice\\",\\n \\"UpdateTime\\": \\"2021-10-26T07:32:32Z\\",\\n \\"LastName\\": \\"Lee\\"\\n },\\n \\"RequestId\\": \\"F44F02EC-70D1-5E51-8E8E-FA9AC4EF952A\\"\\n}","type":"json"}]', ], 'UpdateUserMFAAuthenticationSettings' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'UserMFAAuthenticationSettings', 'in' => 'query', 'schema' => ['description' => 'Specifies whether to enable MFA for the user. Valid values:'."\n" ."\n" .'- Enabled: enables MFA for the user.'."\n" ."\n" .'- Disabled: disables MFA for the user.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'Enabled', 'title' => ''], ], [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => '5E6C6049-E9B0-5F6F-A104-6150E3B1F4D7', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'UpdateUserMFAAuthenticationSettings', 'summary' => 'Modifies the multi-factor authentication (MFA) setting of a single user.', 'description' => 'If you call the [UpdateMFAAuthenticationSettings](~~450134~~) operation to set the MFAAuthenticationSettings parameter to `Byuser`, user-specific settings are applied. Then, you must call the UpdateUserMFAAuthenticationSettings operation to configure MFA for each user.'."\n" ."\n" .'By default, the MFAAuthenticationSettings parameter is set to `Enabled` for a new user.'."\n" ."\n" .'This topic provides an example on how to enable MFA for the user named `u-00q8wbq42wiltcrk****`.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateUserMFAAuthenticationSettings'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateUserMFAAuthenticationSettings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"5E6C6049-E9B0-5F6F-A104-6150E3B1F4D7\\"\\n}","type":"json"}]', ], 'UpdateUserProvisioning' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-003qew84****', 'title' => ''], ], [ 'name' => 'UserProvisioningId', 'in' => 'query', 'schema' => ['description' => 'The ID of the RAM user provisioning.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], ], [ 'name' => 'NewDuplicationStrategy', 'in' => 'query', 'schema' => ['description' => 'The new conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:'."\n" ."\n" .'- KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.'."\n" ."\n" .'- TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', 'type' => 'string', 'required' => false, 'example' => 'KeepBoth', 'title' => ''], ], [ 'name' => 'NewDeletionStrategy', 'in' => 'query', 'schema' => ['description' => 'The new deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:'."\n" ."\n" .'- Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.'."\n" ."\n" .'- Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', 'type' => 'string', 'required' => false, 'example' => 'Delete', 'title' => ''], ], [ 'name' => 'NewDescription', 'in' => 'query', 'schema' => ['description' => 'The new description of the RAM user provisioning.', 'type' => 'string', 'required' => false, 'example' => 'description*****', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.', 'type' => 'object', 'properties' => [ 'UserProvisioning' => [ 'description' => 'The information about the RAM user provisioning.', 'type' => 'object', 'properties' => [ 'Status' => ['description' => 'The status of the RAM user provisioning. Valid values:'."\n" ."\n" .'- Enabled'."\n" ."\n" .'- Disabled', 'type' => 'string', 'example' => 'Enabled', 'title' => ''], 'Description' => ['description' => 'The description for the RAM user provisioning.', 'type' => 'string', 'example' => 'This is a user provisioning.', 'title' => ''], 'UserProvisioningId' => ['description' => 'The ID of the RAM user provisioning.', 'type' => 'string', 'example' => 'up-002axzhapcbz6e63****', 'title' => ''], 'PrincipalId' => ['description' => 'The identity ID of the RAM user provisioning. Valid values:'."\n" ."\n" .'- If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user group (g-\\*\\*\\*\\*\\*\\*\\*\\*).'."\n" ."\n" .'- If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the ID of a CloudSSO user (u-\\*\\*\\*\\*\\*\\*\\*\\*).', 'type' => 'string', 'example' => 'g-02ha881d*****', 'title' => ''], 'TargetPath' => ['description' => 'The path of the resource directory in which you create the RAM user provisioning for the object.', 'type' => 'string', 'example' => 'rd-******/root/test**', 'title' => ''], 'UpdateTime' => ['description' => 'The modification time.', 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DuplicationStrategy' => ['description' => 'The conflict handling policy. The policy is used when a RAM user has the same username as the CloudSSO user who is synchronized to RAM. Valid values:'."\n" ."\n" .'- KeepBoth: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system creates a RAM user whose username is the username of the CloudSSO user plus the suffix `_sso`.'."\n" ."\n" .'- TakeOver: When a CloudSSO user is synchronized to RAM, if a RAM user who has the same username as the CloudSSO user exists, the system replaces the RAM user with the CloudSSO user.', 'type' => 'string', 'example' => 'KeepBoth', 'title' => ''], 'DeletionStrategy' => ['description' => 'The deletion policy. The policy is used to manage synchronized users when you delete the RAM user provisioning. Valid values:'."\n" ."\n" .'- Delete: When you delete the RAM user provisioning, the system deletes the synchronized users.'."\n" ."\n" .'- Keep: When you delete the RAM user provisioning, the system retains the synchronized users.', 'type' => 'string', 'example' => 'Delete', 'title' => ''], 'PrincipalName' => ['description' => 'The identity name of the RAM user provisioning. Valid values:'."\n" ."\n" .'- If `Group` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user group.'."\n" ."\n" .'- If `User` is returned for the `PrincipalType` parameter, the value of this parameter is the name of a CloudSSO user.', 'type' => 'string', 'example' => 'testUserName', 'title' => ''], 'TargetName' => ['description' => 'The name of the object for which you create the RAM user provisioning. The value is fixed as the name of the resource directory.', 'type' => 'string', 'example' => 'testMemberName', 'title' => ''], 'TargetId' => ['description' => 'The ID of the object for which you create the RAM user provisioning. The value is fixed as the ID of the account in the resource directory.', 'type' => 'string', 'example' => 'u-02ha881d*****', 'title' => ''], 'CreateTime' => ['description' => 'The creation time.', 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the resource directory.', 'type' => 'string', 'example' => 'd-003qew84****', 'title' => ''], 'OwnerPk' => ['description' => 'The ID of the Alibaba Cloud account to which the resource directory belongs.', 'type' => 'string', 'example' => '164987310*****', 'title' => ''], 'TargetType' => ['description' => 'The object for which you create the RAM user provisioning. The value is fixed as `RD-Account`.', 'type' => 'string', 'example' => 'RD-Account', 'title' => ''], 'PrincipalType' => ['description' => 'The identity type of the RAM user provisioning. Valid values:'."\n" ."\n" .'- User: indicates that the identity of the RAM user provisioning is a CloudSSO user.'."\n" ."\n" .'- Group: indicates that the identity of the RAM user provisioning is a CloudSSO user group.', 'type' => 'string', 'example' => 'User', 'title' => ''], ], 'title' => '', 'example' => '', ], 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'F6F90F3D-4502-5877-B80B-97476F6AE2CC', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'UpdateUserProvisioning', 'summary' => 'Modifies a Resource Access Management (RAM) user provisioning.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateUserProvisioning'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateUserProvisioning', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"UserProvisioning\\": {\\n \\"Status\\": \\"Enabled\\",\\n \\"Description\\": \\"This is a user provisioning.\\",\\n \\"UserProvisioningId\\": \\"up-002axzhapcbz6e63****\\",\\n \\"PrincipalId\\": \\"g-02ha881d*****\\",\\n \\"TargetPath\\": \\"rd-******/root/test**\\",\\n \\"UpdateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DuplicationStrategy\\": \\"KeepBoth\\",\\n \\"DeletionStrategy\\": \\"Delete\\",\\n \\"PrincipalName\\": \\"testUserName\\",\\n \\"TargetName\\": \\"testMemberName\\",\\n \\"TargetId\\": \\"u-02ha881d*****\\",\\n \\"CreateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DirectoryId\\": \\"d-003qew84****\\",\\n \\"OwnerPk\\": \\"164987310*****\\",\\n \\"TargetType\\": \\"RD-Account\\",\\n \\"PrincipalType\\": \\"User\\"\\n },\\n \\"RequestId\\": \\"F6F90F3D-4502-5877-B80B-97476F6AE2CC\\"\\n}","type":"json"}]', ], 'UpdateUserProvisioningConfiguration' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'readAndWrite', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'required' => true, 'docRequired' => true, 'example' => 'd-003qew84****', 'title' => ''], ], [ 'name' => 'NewDefaultLandingPage', 'in' => 'query', 'schema' => ['description' => 'The new default URL for a CloudSSO user who logs on to the Alibaba Cloud Management Console.'."\n" ."\n" .'Default value: https://homenew.console.aliyun.com.'."\n", 'type' => 'string', 'required' => false, 'example' => 'https://home.console.aliyun.com/home/dashboard/ProductAndService', 'title' => ''], ], [ 'name' => 'NewSessionDuration', 'in' => 'query', 'schema' => ['description' => 'The new duration of the logon session.'."\n" ."\n" .'Unit: hours.'."\n" ."\n" .'Valid values: 1 to 24.'."\n" ."\n" .'Default value: 6.'."\n", 'type' => 'integer', 'format' => 'int32', 'required' => false, 'example' => '6', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The returned results.'."\n", 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.'."\n", 'type' => 'string', 'example' => 'BBC2ED1D-FAC5-3DF8-B63C-992B85B08DD9', 'title' => ''], 'UserProvisioningConfiguration' => [ 'description' => 'The global configurations of the RAM user provisioning.'."\n", 'type' => 'object', 'properties' => [ 'SessionDuration' => ['description' => 'The duration of the logon session.'."\n" ."\n" .'Unit: hours.'."\n" ."\n" .'Valid values: 1 to 24.'."\n" ."\n" .'Default value: 6.'."\n", 'type' => 'integer', 'format' => 'int32', 'example' => '6', 'title' => ''], 'CreateTime' => ['description' => 'The creation time.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], 'DirectoryId' => ['description' => 'The ID of the resource directory.'."\n", 'type' => 'string', 'example' => 'd-003qew84****', 'title' => ''], 'DefaultLandingPage' => ['description' => 'The default URL for a CloudSSO user who logs on to the Alibaba Cloud Management Console.'."\n" ."\n" .'Default value: https://homenew.console.aliyun.com.'."\n", 'type' => 'string', 'example' => 'https://homenew.console.aliyun.com', 'title' => ''], 'UpdateTime' => ['description' => 'The modification time.'."\n", 'type' => 'string', 'example' => '2022-11-28T03:55:42Z', 'title' => ''], ], 'title' => '', ], ], 'title' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'responseDemo' => '[{"type":"json","example":"{\\n \\"RequestId\\": \\"BBC2ED1D-FAC5-3DF8-B63C-992B85B08DD9\\",\\n \\"UserProvisioningConfiguration\\": {\\n \\"SessionDuration\\": 6,\\n \\"CreateTime\\": \\"2022-11-28T03:55:42Z\\",\\n \\"DirectoryId\\": \\"d-003qew84****\\",\\n \\"DefaultLandingPage\\": \\"https://homenew.console.aliyun.com\\",\\n \\"UpdateTime\\": \\"2022-11-28T03:55:42Z\\"\\n }\\n}","errorExample":""},{"type":"xml","example":"\\n 66898413-EB80-556D-9429-06FE3548F672\\n \\n 7\\n 2022-11-28T03:55:42Z\\n 2022-11-28T03:55:42Z\\n d-003qew84****\\n https://home.console.aliyun.com/home/dashboard/ProductAndService\\n -\\n 2022-11-28T03:55:42Z\\n 2022-11-28T03:55:42Z\\n \\n","errorExample":""}]', 'title' => 'UpdateUserProvisioningConfiguration', 'summary' => 'Modifies the global configurations of a Resource Access Management (RAM) user provisioning.', 'changeSet' => [], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateUserProvisioningConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], ], ], 'UpdateUserStatus' => [ 'methods' => ['post', 'get'], 'schemes' => ['https'], 'security' => [ [ 'AK' => [], ], ], 'operationType' => 'write', 'deprecated' => false, 'systemTags' => ['operationType' => 'update', 'riskType' => 'none', 'chargeType' => 'free'], 'parameters' => [ [ 'name' => 'DirectoryId', 'in' => 'query', 'schema' => ['description' => 'The ID of the directory.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'd-00fc2p61****', 'title' => ''], ], [ 'name' => 'UserId', 'in' => 'query', 'schema' => ['description' => 'The ID of the user.', 'type' => 'string', 'docRequired' => true, 'required' => true, 'example' => 'u-00q8wbq42wiltcrk****', 'title' => ''], ], [ 'name' => 'NewStatus', 'in' => 'query', 'schema' => ['description' => 'The new status of the user. Valid values:'."\n" ."\n" .'- Enabled: The logon of the user is enabled.'."\n" ."\n" .'- Disabled: The logon of the user is disabled.', 'type' => 'string', 'required' => false, 'example' => 'Disabled', 'title' => ''], ], ], 'responses' => [ 200 => [ 'schema' => [ 'description' => 'The response parameters.', 'type' => 'object', 'properties' => [ 'RequestId' => ['description' => 'The request ID.', 'type' => 'string', 'example' => 'EE598602-AC67-56EF-B7CC-2927C30AA0A8', 'title' => ''], ], 'title' => '', 'example' => '', ], ], ], 'staticInfo' => ['returnType' => 'synchronous'], 'title' => 'UpdateUserStatus', 'summary' => 'Changes the status of a user.', 'description' => 'This topic provides an example on how to change the status of the user whose ID is `u-00q8wbq42wiltcrk****` to Disabled. Users in the Disabled state cannot log on to the CloudSSO user portal.', 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateUserStatus'], ], ], 'ramActions' => [ [ 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateUserStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], ], 'responseDemo' => '[{"errorExample":"","example":"{\\n \\"RequestId\\": \\"EE598602-AC67-56EF-B7CC-2927C30AA0A8\\"\\n}","type":"json"}]', ], ], 'endpoints' => [ ['regionId' => 'cn-shanghai', 'regionName' => 'China (Shanghai)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'cloudsso.cn-shanghai.aliyuncs.com', 'endpoint' => 'cloudsso.cn-shanghai.aliyuncs.com', 'vpc' => 'cloudsso-vpc.cn-shanghai.aliyuncs.com'], ['regionId' => 'cn-hongkong', 'regionName' => 'China (Hong Kong)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'cloudsso.cn-hongkong.aliyuncs.com', 'endpoint' => 'cloudsso.cn-hongkong.aliyuncs.com', 'vpc' => 'cloudsso-vpc.cn-hongkong.aliyuncs.com'], ['regionId' => 'ap-northeast-2', 'regionName' => 'South Korea (Seoul)', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'cloudsso.ap-northeast-2.aliyuncs.com', 'endpoint' => 'cloudsso.ap-northeast-2.aliyuncs.com', 'vpc' => 'cloudsso-vpc.ap-northeast-2.aliyuncs.com'], ['regionId' => 'ap-southeast-1', 'regionName' => 'Singapore', 'areaId' => 'asiaPacific', 'areaName' => 'Asia Pacific', 'public' => 'cloudsso.ap-southeast-1.aliyuncs.com', 'endpoint' => 'cloudsso.ap-southeast-1.aliyuncs.com', 'vpc' => 'cloudsso-vpc.ap-southeast-1.aliyuncs.com'], ['regionId' => 'us-west-1', 'regionName' => 'US (Silicon Valley)', 'areaId' => 'europeAmerica', 'areaName' => 'Europe & Americas', 'public' => 'cloudsso.us-west-1.aliyuncs.com', 'endpoint' => 'cloudsso.us-west-1.aliyuncs.com', 'vpc' => 'cloudsso-vpc.us-west-1.aliyuncs.com'], ['regionId' => 'eu-central-1', 'regionName' => 'Germany (Frankfurt)', 'areaId' => 'europeAmerica', 'areaName' => 'Europe & Americas', 'public' => 'cloudsso.eu-central-1.aliyuncs.com', 'endpoint' => 'cloudsso.eu-central-1.aliyuncs.com', 'vpc' => 'cloudsso-vpc.eu-central-1.aliyuncs.com'], ], 'errorCodes' => [ ['code' => 'AuthenticationCodeError', 'message' => 'MFA Device authenticate failed.', 'http_code' => 400, 'description' => 'MFA Device authenticate failed.'], ['code' => 'AuthenticationFailed.Password', 'message' => 'Auth Password failed.', 'http_code' => 409, 'description' => 'Failed to verify the password.'], ['code' => 'BlackListForbidden.DirectoryName', 'message' => 'The Directory Name you specified is not allowed.', 'http_code' => 401, 'description' => 'The directory name is invalid. Enter another name.'], ['code' => 'DeletionConflict.AccessConfiguration.PermissionPolicy', 'message' => 'Make sure that the access configuration does not contain a permission policy before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the access configuration, make sure that the policy is detached.'], ['code' => 'DeletionConflict.AccessConfiguration.Task', 'message' => 'Make sure that the access configuration does not relate to an in-progress task before the deletion.', 'http_code' => 409, 'description' => 'Make sure that there are no running tasks before deleting the access configuration.'], ['code' => 'DeletionConflict.Directory.AccessConfiguration', 'message' => 'Make sure that the directory does not contain an access configuration before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the directory, make sure that all access configurations are deleted.'], ['code' => 'DeletionConflict.Directory.ExternalSAMLIdentityProvider', 'message' => 'Make sure that the directory has not configured external SAML identity provider before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the directory, make sure that all external IdP configurations are deleted.'], ['code' => 'DeletionConflict.Directory.Group', 'message' => 'Make sure that the directory does not contain a user group before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the directory, make sure that all groups are deleted.'], ['code' => 'DeletionConflict.Directory.SCIMCredential', 'message' => 'Make sure that the directory does not contain a SCIM credential before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the directory, make sure that all SCIM credentials are deleted.'], ['code' => 'DeletionConflict.Directory.User', 'message' => 'Make sure that the directory does not contain a user before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the directory, make sure that all users are deleted.'], ['code' => 'DeletionConflict.Group.AccessAssigment', 'message' => 'Make sure that the user group has no access assignment before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the group, make sure that access assignments are removed from the group.'], ['code' => 'DeletionConflict.Group.User', 'message' => 'Make sure that the user group does not contain a user before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the group, make sure that all users are removed from the group.'], ['code' => 'DeletionConflict.Group.UserProvision', 'message' => 'Make sure that the user group has no user provision assignment before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the group, make sure that RAM user provisioning is disabled for the group.'], ['code' => 'DeletionConflict.Service.Directory', 'message' => 'Make sure that no directories exists before you disable the Cloud SSO service.', 'http_code' => 409, 'description' => 'Make sure that no directories exists before you disable the Cloud SSO service.'], ['code' => 'DeletionConflict.User.AccessAssigment', 'message' => 'Make sure that the user has no access assignment before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the user, make sure that access assignments are removed from the user.'], ['code' => 'DeletionConflict.User.Group', 'message' => 'Make sure that the user is not added to a user group before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the user, make sure that the user is removed from all groups.'], ['code' => 'DeletionConflict.User.MFADevice', 'message' => 'Make sure that the user is not bound to an MFA device before the deletion.', 'http_code' => 409, 'description' => 'Before you delete the user, make sure that MFA devices are unbound from the user.'], ['code' => 'DeletionConflict.User.UserProvisioning', 'message' => 'Make sure that the user is not assign user provision before the deletion.', 'http_code' => 409, 'description' => 'Make sure that the user is not assign user provision before the deletion.'], ['code' => 'EntityAlreadyExists.AccessAssignment', 'message' => 'AccessAssignment already exists.', 'http_code' => 409, 'description' => 'The permission assignment already exists.'], ['code' => 'EntityAlreadyExists.AccessConfiguration', 'message' => 'AccessConfiguration already exists.', 'http_code' => 409, 'description' => 'The access configuration already exists.'], ['code' => 'EntityAlreadyExists.Directory', 'message' => 'Directory already exists.', 'http_code' => 409, 'description' => 'The directory already exists.'], ['code' => 'EntityAlreadyExists.GroupMember', 'message' => 'GroupMember already exists.', 'http_code' => 409, 'description' => 'The user is added to the group.'], ['code' => 'EntityAlreadyExists.MFADeviceRelation', 'message' => 'MFADeviceRelation already exists.', 'http_code' => 409, 'description' => 'The MFA device is bound.'], ['code' => 'EntityAlreadyExists.PermissionPolicyInAccessConfiguration', 'message' => 'PermissionPolicyInAccessConfiguration already exists.', 'http_code' => 409, 'description' => 'The policy is attached to the access configuration.'], ['code' => 'EntityAlreadyExists.User.Email', 'message' => 'User\'s email is already exists.', 'http_code' => 409, 'description' => 'The email address is already taken.'], ['code' => 'EntityAlreadyExists.User.UserName', 'message' => 'The parameter UserName already exists.', 'http_code' => 409, 'description' => 'The username is already used.'], ['code' => 'EntityAlreadyExists.User.UserName', 'message' => 'The parameter UserName already exists.', 'http_code' => 409, 'description' => 'The username is already used.'], ['code' => 'EntityAlreadyExists.UserProvisioning', 'message' => 'UserProvisioning already exists.', 'http_code' => 409, 'description' => 'User provisioning already exists.'], ['code' => 'EntityNotExists.AccessAssignment', 'message' => 'AccessAssignment does not exist.', 'http_code' => 404, 'description' => 'The access assignment does not exist.'], ['code' => 'EntityNotExists.AccessConfiguration', 'message' => 'AccessConfiguration does not exist.', 'http_code' => 404, 'description' => 'The access configuration does not exist.'], ['code' => 'EntityNotExists.AccessConfigurationProvisioning', 'message' => 'AccessConfigurationProvisioning does not exist.', 'http_code' => 404, 'description' => 'The access configuration is not provisioned.'], ['code' => 'EntityNotExists.Account', 'message' => 'Account does not exist.', 'http_code' => 404, 'description' => 'The account does not exist.'], ['code' => 'EntityNotExists.Directory', 'message' => 'Directory does not exist.', 'http_code' => 404, 'description' => 'The directory does not exist.'], ['code' => 'EntityNotExists.ExternalSAMLIdentityProvider', 'message' => 'ExternalSAMLIdentityProvider does not exist.', 'http_code' => 404, 'description' => 'The external IdP configuration does not exist.'], ['code' => 'EntityNotExists.Group', 'message' => 'Group does not exist.', 'http_code' => 404, 'description' => 'The group does not exist.'], ['code' => 'EntityNotExists.MFADevice', 'message' => 'MFADevice does not exist.', 'http_code' => 404, 'description' => 'The MFA device does not exist.'], ['code' => 'EntityNotExists.PermissionPolicy', 'message' => 'PermissionPolicy does not exist.', 'http_code' => 404, 'description' => 'The policy does not exist.'], ['code' => 'EntityNotExists.Task', 'message' => 'Task does not exist.', 'http_code' => 404, 'description' => 'The task does not exist.'], ['code' => 'EntityNotExists.User', 'message' => 'User does not exist.', 'http_code' => 404, 'description' => 'The user does not exist.'], ['code' => 'EntityNotExists.UserProvisioning', 'message' => 'UserProvisioning does not exist.', 'http_code' => 404, 'description' => 'User provisioning does not exist.'], ['code' => 'EntityNotExists.UserProvisioningStatistics', 'message' => 'UserProvisioningStatistics does not exist.', 'http_code' => 404, 'description' => 'The statistics about user synchronization do not exist.'], ['code' => 'InvalidParameter.AccessConfigurationId', 'message' => 'The format of the value specified for the AccessConfigurationId parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the AccessConfigurationId parameter is invalid.'], ['code' => 'InvalidParameter.AccessConfigurationName.Length', 'message' => 'The length of the value specified for the AccessConfigurationName parameter is invalid.', 'http_code' => 400, 'description' => 'The length of the AccessConfigurationName parameter exceeds the limit.'], ['code' => 'InvalidParameter.AuthenticationCode', 'message' => 'The format of the value specified for the AuthenticationCode parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the AuthenticationCode parameter is invalid.'], ['code' => 'InvalidParameter.DeprovisionStrategy', 'message' => 'The format of the value specified for the DeprovisionStrategy parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the DeprovisionStrategy parameter is invalid.'], ['code' => 'InvalidParameter.Description.Length', 'message' => 'The length of the value specified for the Description parameter is invalid.', 'http_code' => 400, 'description' => 'The length of the Description parameter exceeds the limit.'], ['code' => 'InvalidParameter.DirectoryId', 'message' => 'The format of the value specified for the DirectoryId parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the DirectoryId parameter is invalid.'], ['code' => 'InvalidParameter.DirectoryName', 'message' => 'The format of the value specified for the DirectoryName parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the DirectoryName parameter is invalid.'], ['code' => 'InvalidParameter.DirectoryName.Length', 'message' => 'The length of the value specified for the DirectoryName parameter is invalid.', 'http_code' => 400, 'description' => 'The length of the DirectoryName parameter exceeds the limit.'], ['code' => 'InvalidParameter.EncodedMetadataDocument', 'message' => 'The format of the value specified for the EncodedMetadataDocument parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the EncodedMetadataDocument parameter is invalid.'], ['code' => 'InvalidParameter.Filter', 'message' => 'The format of the value specified for the Filter parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the Filter parameter is invalid.'], ['code' => 'InvalidParameter.GroupName', 'message' => 'The format of the value specified for the GroupName parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the GroupName parameter is invalid.'], ['code' => 'InvalidParameter.InlinePolicyDocument', 'message' => 'The policy document is invalid.', 'http_code' => 400, 'description' => ''], ['code' => 'InvalidParameter.InlinePolicyDocument.Length', 'message' => 'The length of the value specified for the InlinePolicyDocument parameter is invalid.', 'http_code' => 400, 'description' => 'The length of the InlinePolicyDocument parameter exceeds the limit.'], ['code' => 'InvalidParameter.MaxResults', 'message' => 'The format of the value specified for the MaxResults parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the MaxResults parameter is invalid.'], ['code' => 'InvalidParameter.NewDefaultLandingPage', 'message' => 'The format of the value specified for the NewDefaultLandingPage parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the NewDefaultLandingPage parameter is invalid.'], ['code' => 'InvalidParameter.NewDescription.Length', 'message' => 'The length of the value specified for the NewDescription parameter is invalid.', 'http_code' => 400, 'description' => 'The length of the NewDescription parameter exceeds the limit.'], ['code' => 'InvalidParameter.NewInlinePolicyDocument', 'message' => 'The policy document is invalid.', 'http_code' => 400, 'description' => 'The policy document is invalid.'], ['code' => 'InvalidParameter.NewInlinePolicyDocument.Length', 'message' => 'The length of the value specified for the NewInlinePolicyDocument parameter is invalid.', 'http_code' => 400, 'description' => 'The length of the NewInlinePolicyDocument parameter exceeds the limit.'], ['code' => 'InvalidParameter.NewInlinePolicyDocument.Length', 'message' => 'The format of the value specified for the NewRelayState parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the NewRelayState parameter is invalid.'], ['code' => 'InvalidParameter.NewRelayState', 'message' => 'The format of the value specified for the NewRelayState parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the NewRelayState parameter is invalid.'], ['code' => 'InvalidParameter.PermissionPolicyType', 'message' => 'The format of the value specified for the PermissionPolicyType parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the PermissionPolicyType parameter is invalid.'], ['code' => 'InvalidParameter.PrincipalType', 'message' => 'The format of the value specified for the PrincipalType parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the PrincipalType parameter is invalid.'], ['code' => 'InvalidParameter.ProvisioningStatus', 'message' => 'The format of the value specified for the ProvisioningStatus parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the ProvisioningStatus parameter is invalid.'], ['code' => 'InvalidParameter.RelayState', 'message' => 'The format of the value specified for the RelayState parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the RelayState parameter is invalid.'], ['code' => 'InvalidParameter.Status', 'message' => 'The format of the value specified for the Status parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the Status parameter is invalid.'], ['code' => 'InvalidParameter.TargetType', 'message' => 'The format of the value specified for the TargetType parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the TargetType parameter is invalid.'], ['code' => 'InvalidParameter.TaskType', 'message' => 'The format of the value specified for the TaskType parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the TaskType parameter is invalid.'], ['code' => 'InvalidParameter.UserMFAAuthenticationSettings', 'message' => 'The format of the value specified for the UserMFAAuthenticationSettings parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the UserMFAAuthenticationSettings parameter is invalid.'], ['code' => 'InvalidParameter.UserName', 'message' => 'The format of the value specified for the UserName parameter is invalid.', 'http_code' => 400, 'description' => 'The format of the UserName parameter is invalid.'], ['code' => 'InvalidParameter.UserName.Length', 'message' => 'The length of the value specified for the UserName parameter is invalid.', 'http_code' => 400, 'description' => 'The length of the UserName parameter exceeds the limit.'], ['code' => 'InvalidServiceStatus', 'message' => 'Cloud SSO is not activated.', 'http_code' => 400, 'description' => 'Cloud SSO is not activated.'], ['code' => 'LimitExceeded.Directory', 'message' => 'The number of Directory exceeds the quota.', 'http_code' => 409, 'description' => 'The number of Directory exceeds the quota.'], ['code' => 'LimitExceeded.MFADevice', 'message' => 'The number of MFADevice exceeds the quota.', 'http_code' => 409, 'description' => 'The number of MFA devices exceeds the quota.'], ['code' => 'LimitExceeded.PermissionPolicy', 'message' => 'The number of PermissionPolicy exceeds the quota.', 'http_code' => 409, 'description' => 'The number of policies that are attached to the access configuration exceeds the quota.'], ['code' => 'MissingAccessConfigurationId', 'message' => 'The required AccessConfigurationId parameter is not specified.', 'http_code' => 400, 'description' => 'The AccessConfigurationId parameter is not configured.'], ['code' => 'MissingDeletionStrategy', 'message' => 'The required DeletionStrategy parameter is not specified.', 'http_code' => 400, 'description' => 'The DeletionStrategy parameter is not configured.'], ['code' => 'MissingDirectoryId', 'message' => 'The required DirectoryId parameter is not specified.', 'http_code' => 400, 'description' => 'The DirectoryId parameter is not configured.'], ['code' => 'MissingDuplicationStrategy', 'message' => 'The required DuplicationStrategy parameter is not specified.', 'http_code' => 400, 'description' => 'The DuplicationStrategy parameter is not configured.'], ['code' => 'MissingPermissionPolicyName', 'message' => 'The required PermissionPolicyName parameter is not specified.', 'http_code' => 400, 'description' => 'The PermissionPolicyName parameter is not configured.'], ['code' => 'MissingPermissionPolicyType', 'message' => 'The required PermissionPolicyType parameter is not specified.', 'http_code' => 400, 'description' => 'The PermissionPolicyType parameter is not configured.'], ['code' => 'MissingPrincipalId', 'message' => 'The required PrincipalId parameter is not specified.', 'http_code' => 400, 'description' => 'The PrincipalId parameter is not configured.'], ['code' => 'MissingPrincipalType', 'message' => 'The required PrincipalType parameter is not specified.', 'http_code' => 400, 'description' => 'The PrincipalType parameter is not configured.'], ['code' => 'MissingTargetId', 'message' => 'The required TargetId parameter is not specified.', 'http_code' => 400, 'description' => 'The TargetId parameter is not configured.'], ['code' => 'MissingTargetType', 'message' => 'The required TargetType parameter is not specified.', 'http_code' => 400, 'description' => 'The TargetType parameter is not configured.'], ['code' => 'MissingTaskId', 'message' => 'The required TaskId parameter is not specified.', 'http_code' => 400, 'description' => 'The TaskId parameter is not configured.'], ['code' => 'MissingUserId', 'message' => 'The required UserId parameter is not specified.', 'http_code' => 400, 'description' => 'The UserId parameter is not configured.'], ['code' => 'NoPermission', 'message' => 'You do not have the required permissions.', 'http_code' => 401, 'description' => 'You do not have the required permissions.'], ['code' => 'OperationConflict.Task', 'message' => 'In-progress tasks exist.', 'http_code' => 409, 'description' => 'A task is in progress.'], ['code' => 'Password.Reuse', 'message' => 'Password reuse prevention exceeded.', 'http_code' => 400, 'description' => 'Password reuse prevention exceeded.'], ['code' => 'Password.TooWeak', 'message' => 'The specified password is not compliant with the password policy.', 'http_code' => 400, 'description' => 'The password is weak.'], ['code' => 'PasswordResetNotAllowed', 'message' => 'You are not allowed to reset passwords.', 'http_code' => 409, 'description' => 'You are not allowed to reset the password.'], ['code' => 'PrerequisiteCheckFailed', 'message' => 'The prerequisites to activate the Cloud SSO service is not satisfied.', 'http_code' => 400, 'description' => 'The prerequisites to activate the Cloud SSO service is not satisfied.'], ], 'changeSet' => [], 'flowControl' => [ 'flowControlList' => [ ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeprovisionAccessConfiguration'], ['threshold' => '5', 'countWindow' => 1, 'regionId' => '*', 'api' => 'EnableDelegateAccount'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetServiceStatus'], ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetTaskStatus'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListUsers'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetLoginPreference'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ProvisionAccessConfiguration'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateAccessAssignment'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetMFAAuthenticationStatus'], ['threshold' => '5', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateDirectory'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetUserProvisioning'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListPermissionPoliciesInAccessConfiguration'], ['threshold' => '5', 'countWindow' => 1, 'regionId' => '*', 'api' => 'EnableService'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetDirectory'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListAccessAssignments'], ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'AddUserToGroup'], ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateUserProvisioning'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateAccessConfiguration'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteUserProvisioning'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetDirectorySAMLServiceProviderInfo'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateAccessConfiguration'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'RetryUserProvisioningEvent'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteAccessConfiguration'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetUser'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ResetUserPassword'], ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'RemoveUserFromGroup'], ['threshold' => '5', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DisableService'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetUserId'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListTasks'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateInlinePolicyForAccessConfiguration'], ['threshold' => '50', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListGroupMembers'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateSCIMServerCredential'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteUserProvisioningEvent'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListAccessConfigurations'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'SetSCIMSynchronizationStatus'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetUserProvisioningRdAccountStatistics'], ['threshold' => '5', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteDirectory'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetGroup'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetUserMFAAuthenticationSettings'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'RemoveExternalSAMLIdPCertificate'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ClearExternalSAMLIdentityProvider'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetUserProvisioningConfiguration'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetMFAAuthenticationSettingInfo'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListAccessConfigurationProvisionings'], ['threshold' => '400', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListMFADevicesForUser'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetDirectoryStatistics'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetUserProvisioningStatistics'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'AddExternalSAMLIdPCertificate'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteUser'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListGroups'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListExternalSAMLIdPCertificates'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateUserProvisioningConfiguration'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteGroup'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetSCIMSynchronizationStatus'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'RemovePermissionPolicyFromAccessConfiguration'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListUserProvisioningEvents'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteMFADeviceForUser'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'SetMFAAuthenticationStatus'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetUserProvisioningEvent'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListDirectories'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'SetLoginPreference'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'AddPermissionPolicyToAccessConfiguration'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteAccessAssignment'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListSCIMServerCredentials'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DeleteSCIMServerCredential'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetTask'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateSCIMServerCredentialStatus'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'SetExternalSAMLIdentityProvider'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListJoinedGroupsForUser'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateGroup'], ['threshold' => '20', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetAccessConfiguration'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateUser'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetPasswordPolicy'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'ListUserProvisionings'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'SetPasswordPolicy'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateUserMFAAuthenticationSettings'], ['threshold' => '5', 'countWindow' => 1, 'regionId' => '*', 'api' => 'CreateDirectory'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateUserProvisioning'], ['threshold' => '5', 'countWindow' => 1, 'regionId' => '*', 'api' => 'DisableDelegateAccount'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetMFAAuthenticationSettings'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateMFAAuthenticationSettings'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateUserStatus'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateUser'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'GetExternalSAMLIdentityProvider'], ['threshold' => '10', 'countWindow' => 1, 'regionId' => '*', 'api' => 'UpdateGroup'], ], ], 'ram' => [ 'productCode' => 'CloudSSO', 'productName' => 'Resource Access Management', 'ramCodes' => ['cloudsso'], 'ramLevel' => 'RESOURCE', 'ramConditions' => [], 'ramActions' => [ [ 'apiName' => 'GetUserProvisioningConfiguration', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserProvisioningConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'DisableDelegateAccount', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:DisableDelegateAccount', 'authLevel' => 'operate', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], [ 'apiName' => 'AddUserToGroup', 'description' => '', 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:AddUserToGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ], ], ], [ 'apiName' => 'GetMFAAuthenticationSettingInfo', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetMFAAuthenticationSettingInfo', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetTaskStatus', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetTaskStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'DeleteSCIMServerCredential', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteSCIMServerCredential', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'SCIMServerCredential', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/scim-credential/{#CredentialId}'], ], ], ], [ 'apiName' => 'DeleteUser', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'ListUserProvisionings', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListUserProvisionings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], [ 'apiName' => 'DeleteDirectory', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteDirectory', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'ListGroups', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListGroups', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/*'], ], ], ], [ 'apiName' => 'UpdateDirectory', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateDirectory', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'ListJoinedGroupsForUser', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListJoinedGroupsForUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'CreateUser', 'description' => '', 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/*'], ], ], ], [ 'apiName' => 'GetLoginPreference', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetLoginPreference', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'TagResources', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:TagResources', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], [ 'apiName' => 'CreateUserProvisioning', 'description' => '', 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateUserProvisioning', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/{#AccountId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'RemovePermissionPolicyFromAccessConfiguration', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:RemovePermissionPolicyFromAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], [ 'apiName' => 'CreateDirectory', 'description' => '', 'operationType' => 'create', 'additionalActions' => [ ['action' => 'ram:CreateServiceLinkedRole', 'validationType' => 'always'], ], 'ramAction' => [ 'action' => 'cloudsso:CreateDirectory', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/*'], ], ], ], [ 'apiName' => 'UpdateMFAAuthenticationSettings', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateMFAAuthenticationSettings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'UpdateSCIMServerCredentialStatus', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateSCIMServerCredentialStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'SCIMServerCredential', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/scim-credential/{#CredentialId}'], ], ], ], [ 'apiName' => 'UpdateDirectoryGlobalAccessStatus', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateDirectoryGlobalAccessStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetUserProvisioning', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserProvisioning', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ], ], ], [ 'apiName' => 'UpdateUserMFAAuthenticationSettings', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateUserMFAAuthenticationSettings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'DeprovisionAccessConfiguration', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:DeprovisionAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], [ 'apiName' => 'DisableService', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:DisableService', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], [ 'apiName' => 'GetAccessConfiguration', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], [ 'apiName' => 'RetryUserProvisioningEvent', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:RetryUserProvisioningEvent', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ], ], ], [ 'apiName' => 'RemoveExternalSAMLIdPCertificate', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:RemoveExternalSAMLIdPCertificate', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'ProvisionAccessConfiguration', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:ProvisionAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], [ 'apiName' => 'EnableService', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:EnableService', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], [ 'apiName' => 'ListAccessAssignments', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListAccessAssignments', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], [ 'apiName' => 'CreateAccessAssignment', 'description' => '', 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateAccessAssignment', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/{#AccountId}'], ], ], ], [ 'apiName' => 'ListSCIMServerCredentials', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListSCIMServerCredentials', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'SCIMServerCredential', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/scim-credential/*'], ], ], ], [ 'apiName' => 'UpdateUser', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'EnableDelegateAccount', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:EnableDelegateAccount', 'authLevel' => 'operate', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], [ 'apiName' => 'UpdateUserStatus', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateUserStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'GetMFAAuthenticationStatus', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetMFAAuthenticationStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'CreateAccessConfiguration', 'description' => '', 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/*'], ], ], ], [ 'apiName' => 'GetGroup', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ], ], ], [ 'apiName' => 'DeleteAccessConfiguration', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], [ 'apiName' => 'ListMFADevicesForUser', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListMFADevicesForUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'PreCheckForCreateUserProvisioning', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:PreCheckForCreateUserProvisioning', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/{#AccountId}'], ], ], ], [ 'apiName' => 'ListDirectories', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListDirectories', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/*'], ], ], ], [ 'apiName' => 'ListTagResources', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListTagResources', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'UpdateGroup', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ], ], ], [ 'apiName' => 'AddExternalSAMLIdPCertificate', 'description' => '', 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:AddExternalSAMLIdPCertificate', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetDirectory', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetDirectory', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetDirectoryGlobalAccessStatus', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetDirectoryGlobalAccessStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetPasswordPolicy', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetPasswordPolicy', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'SetPasswordPolicy', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetPasswordPolicy', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'DeleteMFADeviceForUser', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteMFADeviceForUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'GetUser', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUser', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'ListAccessConfigurations', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListAccessConfigurations', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/*'], ], ], ], [ 'apiName' => 'DeleteAccessAssignment', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteAccessAssignment', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/{#AccountId}'], ], ], ], [ 'apiName' => 'GetUserProvisioningRdAccountStatistics', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserProvisioningRdAccountStatistics', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/{#AccountId}'], ], ], ], [ 'apiName' => 'ListUserProvisioningEvents', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListUserProvisioningEvents', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ], ], ], [ 'apiName' => 'UntagResources', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UntagResources', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'UpdateInlinePolicyForAccessConfiguration', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateInlinePolicyForAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], [ 'apiName' => 'DeleteUserProvisioning', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteUserProvisioning', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ], ], ], [ 'apiName' => 'GetMFAAuthenticationSettings', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetMFAAuthenticationSettings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'ResetUserPassword', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:ResetUserPassword', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'GetDirectorySAMLServiceProviderInfo', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetDirectorySAMLServiceProviderInfo', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetServiceStatus', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetServiceStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], [ 'apiName' => 'ListGroupMembers', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListGroupMembers', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ], ], ], [ 'apiName' => 'ListTasks', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListTasks', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'ListUsers', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListUsers', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/*'], ], ], ], [ 'apiName' => 'DeleteGroup', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ], ], ], [ 'apiName' => 'GetDelegateAccount', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetDelegateAccount', 'authLevel' => 'operate', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], [ 'apiName' => 'SetExternalSAMLIdentityProvider', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetExternalSAMLIdentityProvider', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'SetDirectorySAMLServiceProviderInfo', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetDirectorySAMLServiceProviderInfo', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetUserProvisioningStatistics', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserProvisioningStatistics', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ], ], ], [ 'apiName' => 'SetMFAAuthenticationStatus', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetMFAAuthenticationStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'AddPermissionPolicyToAccessConfiguration', 'description' => '', 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:AddPermissionPolicyToAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], [ 'apiName' => 'CreateSCIMServerCredential', 'description' => '', 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateSCIMServerCredential', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'SCIMServerCredential', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/scim-credential/*'], ], ], ], [ 'apiName' => 'ListPermissionPoliciesInAccessConfiguration', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListPermissionPoliciesInAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], [ 'apiName' => 'GetUserId', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserId', 'authLevel' => 'operate', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/*'], ], ], ], [ 'apiName' => 'GetUserProvisioningEvent', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserProvisioningEvent', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ], ], ], [ 'apiName' => 'RemoveUserFromGroup', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:RemoveUserFromGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'ClearExternalSAMLIdentityProvider', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:ClearExternalSAMLIdentityProvider', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'ListExternalSAMLIdPCertificates', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListExternalSAMLIdPCertificates', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'CreateGroup', 'description' => '', 'operationType' => 'create', 'ramAction' => [ 'action' => 'cloudsso:CreateGroup', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/*'], ], ], ], [ 'apiName' => 'EnableDirectoryRDFeature', 'description' => '', 'operationType' => 'update', 'additionalActions' => [], 'ramAction' => [ 'action' => 'cloudsso:EnableDirectoryRDFeature', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetTask', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetTask', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'CheckRDFeaturePrerequisite', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:CheckRDFeaturePrerequisite', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'All Resource', 'arn' => '*'], ], ], ], [ 'apiName' => 'UpdateUserProvisioningConfiguration', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateUserProvisioningConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'UpdateUserProvisioning', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateUserProvisioning', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ], ], ], [ 'apiName' => 'SetSCIMSynchronizationStatus', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetSCIMSynchronizationStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetSCIMSynchronizationStatus', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetSCIMSynchronizationStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetExternalSAMLIdentityProvider', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetExternalSAMLIdentityProvider', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'SetLoginPreference', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:SetLoginPreference', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'UpdateAccessConfiguration', 'description' => '', 'operationType' => 'update', 'ramAction' => [ 'action' => 'cloudsso:UpdateAccessConfiguration', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ], ], ], [ 'apiName' => 'ListAccessConfigurationProvisionings', 'description' => '', 'operationType' => 'list', 'ramAction' => [ 'action' => 'cloudsso:ListAccessConfigurationProvisionings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/*'], ], ], ], [ 'apiName' => 'GetUserMFAAuthenticationSettings', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetUserMFAAuthenticationSettings', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ], ], ], [ 'apiName' => 'GetDirectoryStatistics', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetDirectoryStatistics', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'GetDirectoryRDFeatureStatus', 'description' => '', 'operationType' => 'get', 'ramAction' => [ 'action' => 'cloudsso:GetDirectoryRDFeatureStatus', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'always', 'product' => 'CloudSSO', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ], ], ], [ 'apiName' => 'DeleteUserProvisioningEvent', 'description' => '', 'operationType' => 'delete', 'ramAction' => [ 'action' => 'cloudsso:DeleteUserProvisioningEvent', 'authLevel' => 'resource', 'actionConditions' => [], 'resources' => [ ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ['validationType' => 'conditional', 'product' => 'CloudSSO', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ], ], ], ], 'resourceTypes' => [ ['validationType' => 'always', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}'], ['validationType' => 'always', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/{#UserId}'], ['validationType' => 'always', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/{#GroupId}'], ['validationType' => 'always', 'resourceType' => 'SCIMServerCredential', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/scim-credential/{#CredentialId}'], ['validationType' => 'always', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/*'], ['validationType' => 'conditional', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/*'], ['validationType' => 'conditional', 'resourceType' => 'Account', 'arn' => 'acs:resourcemanager::{#accountId}:account/{#AccountId}'], ['validationType' => 'conditional', 'resourceType' => 'Group', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/group/*'], ['validationType' => 'conditional', 'resourceType' => 'User', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user/*'], ['validationType' => 'always', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/{#AccessConfigurationId}'], ['validationType' => 'always', 'resourceType' => 'Directory', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/*'], ['validationType' => 'always', 'resourceType' => 'UserProvisioning', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/user-provisioning/{#UserProvisioningId}'], ['validationType' => 'conditional', 'resourceType' => 'AccessConfiguration', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/access-configuration/*'], ['validationType' => 'always', 'resourceType' => 'SCIMServerCredential', 'arn' => 'acs:cloudsso:{#regionId}:{#accountId}:directory/{#DirectoryId}/scim-credential/*'], ], ], ];