All Products
Search
Document Center

Agent Identity:DingTalk

Last Updated:Jun 25, 2026

This topic explains how to configure DingTalk as an OAuth credential provider for Agent Identity.

Prerequisites

  • You must have an administrator account that can manage applications on the DingTalk Open Platform.

  • The operator must have the Agent Identity administrator AliyunAgentIdentityFullAccess permission.

Step 1: Create an OAuth application on the DingTalk Open Platform

  1. Sign in to the DingTalk developer console.

  2. Navigate to App Development  >  Internal-company Apps  >  DingTalk App , and then click Create App .

  3. Enter the application information.

    Parameter

    Required

    Description

    App name

    Yes

    Enter an app name. The minimum length is 2 characters.

    App description

    Yes

    Briefly describe the products or services the application offers. The description must be at least 4 characters long.

    App icon

    No

    Upload an icon for the application. The icon must be a JPG or PNG file, at least 240 x 240 pixels, have a 1:1 aspect ratio, and be smaller than 2 MB. The icon must not have rounded corners.

  4. Click Save to open the application details page.

  5. On the application details page, in the left navigation pane, click Basic Information  > Credentials and Basic Information. Copy and save the Client ID and Client Secret.

  6. Navigate to App Release  > Version Management and Release and click Create New Version. Enter the required information, click Save, and then release the application.

Step 2: Create an OAuth credential provider in Agent Identity

  1. Sign in to the Agent Identity console. In the left navigation pane, select Outbound > Credential Providers.

  2. On the Credential Providers page, ensure the OAuth2 tab is selected.

  3. Click Create Credential Provider.

  4. On the Create Credential Provider page, configure the following parameters:

    1. Credential provider name: The name of the OAuth credential provider.

    2. Description (optional): The description of the credential provider.

  5. In the Basic information section, copy the Callback URL.

  6. In the Configuration information section, configure the following settings:

    • Provider: Select DingTalk.

    • Client ID: Paste the Client ID from Step 1.

    • Client Secret: Paste the Client Secret from Step 1.

  7. Click Create Credential Provider.

Step 3: Update the redirect URL of the OAuth application on the DingTalk Open Platform

  1. Return to the DingTalk developer console. Find the application you created, and click its name to open the details page.

  2. On the application details page, in the left navigation pane, click Development Configuration > Security Settings.

  3. On the Security Settings page, in the Redirect URL (Callback Domain) text box, paste the callback URL from Step 2.

  4. Click Save.