Quick start

Set up Alibaba Cloud IDaaS Customer Identity and Access Management (CIAM) by activating an instance, creating an application, and configuring user authentication.

Prerequisites

Before you begin, ensure that you have:

  • An Alibaba Cloud account

  • (For RAM users) The AliyunYundunIdaasFullAccess permission granted by your account administrator

Step 1: Activate an instance

  1. Log on to the CIAM console and click Purchase Instance to open the CIAM pricing page.

  2. Select your Region and Specifications, then click Buy Now.

    Pricing depends on your deployment model:

      • Online version: Charged based on monthly active users (MAU). Instance usage fees (computing resources and storage) are billed separately based on actual configuration.

      • On-premises deployment: One-time authorization or periodic license fees apply, plus implementation fees (deployment, system integration, and custom development) and optional Operations and Maintenance (O&M) fees for technical support.

    For details, see Pricing.

  3. Return to the console to verify the instance appears in your instance list.

Step 2: Grant RAM user access to the IDaaS console

Skip this step if you access the console directly with your Alibaba Cloud account.

  1. Log on to the RAM console and confirm the target RAM user has the AliyunYundunIdaasFullAccess permission.

  2. Log on to the CIAM console with your Alibaba Cloud account. Click the instance ID to open its management console.

  3. Go to Settings > Other Settings > Administrator account and click Add administrator.

  4. Fill in the Account name, RAM sub-account, External ID, and Authorized role, then save. The RAM user can now log on to the IDaaS console with the assigned role.

Step 3: Create an application

CIAM uses applications as the central unit for managing authentication. Create one application for each customer-facing service, such as a website, mini program, or mobile app, that you want to protect with CIAM.

  1. In the instance management console, go to Application > Application Management and click Add an application.

  2. Set the Icon, Application Name, Application Type, and SSO Protocol. If the application is for management purposes, select the Website type.

  3. After you create an application, you can configure and maintain it.

Step 4: Configure logon methods

Each application supports one or more logon methods. Configure the right combination to improve user conversion rates and reduce registration drop-off.

  1. On the Application Management page, find the application and click Configure in the Actions column.

  2. On the Application Settings page, click the Registration And Logon Settings tab. By default, two logon methods are available: Phone Code and Password-based Logon.

  3. Set the Primary Logon Method to control which method is shown first on the logon page — either Phone Code or Password-based Logon.

Step 5: Manage accounts

CIAM supports two ways to add user accounts:

| Method | Description |
| --- | --- |
| Administrator-created accounts | In the instance management console, create a user and set the account name, password, and mobile phone number. The user can then log on to the user portal with a password or verification code. |
| Self-registration | After an administrator creates an application, users can register for an account directly on the portal. |