Updated on 2025-08-21 GMT+08:00

Configuring an Instance

Function

This API is used to configure an IAM Identity Center instance, including identity authentication and session management. It can be called only from the organization's management account or from a delegated administrator account of a cloud service.

URI

POST /v1/instances/{instance_id}/sso-configuration

Table 1 Path parameters

Parameter

Mandatory

Type

Description

instance_id

Yes

String

Globally unique ID of an IAM Identity Center instance.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Security-Token

No

String

Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required.

Table 3 Parameters in the request body

Parameter

Mandatory

Type

Description

sso_configuration

Yes

SSOConfigurationDto object

Instance configuration.

configuration_type

Yes

String

Configuration type.

Table 4 SSOConfigurationDto

Parameter

Mandatory

Type

Description

mfa_mode

No

String

Effective mode of MFA.

no_mfa_signin_behavior

No

String

Available login behavior when an MFA device is not registered.

no_password_signin_behavior

No

String

Login without a password.

allowed_mfa_types

No

Array of strings

Allowed MFA types.

session_configuration

No

SessionConfigurationDto object

Session validity configuration.

Table 5 SessionConfigurationDto

Parameter

Mandatory

Type

Description

max_authentication_age

Yes

String

Effective time of a session.

Response Parameters

Status code: 200

Successful

Status code: 400

Table 6 Parameters in the response body

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

request_id

String

Unique ID of a request.

Status code: 403

Table 7 Parameters in the response body

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error message.

request_id

String

Unique ID of a request.

encoded_authorization_message

String

Encrypted error message.

Example Request

Configuring an IAM Identity Center service instance, including identity authentication and session management

POST https://{hostname}/v1/instances/{instance_id}/sso-configuration

{
  "sso_configuration" : {
    "mfa_mode" : "ALWAYS_ON",
    "no_mfa_signin_behavior" : "ALLOWED",
    "no_password_signin_behavior" : "BLOCKED",
    "allowed_mfa_types" : [ "TOTP" ],
    "session_configuration" : {
      "max_authentication_age" : "PT8H"
    }
  },
  "configuration_type" : "APP_AUTHENTICATION_CONFIGURATION"
}

Example Response

None

Status Codes

Status Code

Description

200

Successful.

400

Bad request.

403

Forbidden.

Error Codes

For details, see Error Codes.