When you first access a third-party application by using an Alibaba Cloud account or a RAM identity (a RAM user or role), you must complete the authorization and installation process.
Prerequisites
You must use an Alibaba Cloud account or a RAM administrator (a RAM user with the AliyunRAMFullAccess policy) to perform the authorization described in this topic.
Authorize and install a third-party application
When you access a third-party application for the first time, carefully review the authorization scopes, which include required and optional scopes. Then, click Authorize to grant the requested permissions. Granting authorization also installs the application.
After an Alibaba Cloud account or a RAM administrator authorizes a third-party application, all RAM users within that account can access the application without needing to authorize it again.
After authorization, the application gains access to the user's identity and permission information. If the authorization scope includes permissions for specific cloud services, the third-party application can assume the user's identity to access your Alibaba Cloud resources.
Required scope
The third-party application defines the required scope. It includes data or permissions that the application needs to function. This scope is selected by default and cannot be deselected. If you do not want to grant these permissions, you must reject the authorization request. If rejecting the request prevents you from using the application, contact the application provider for assistance.
Optional scope
The third-party application also defines the optional scope. It includes data and permissions that the application requests but does not require. You can grant these permissions selectively based on your needs.
View authorization details
After you authorize a third-party application, you can view the application's details in the RAM console, including its name, ID, authorization time, and authorization scope.
Log on to the RAM console.
In the left-side navigation pane, choose .
On the Third-party Application tab, click the name of the target application to view its authorization details.
Revoke authorization
If you no longer want a third-party application to have access to your account, you can revoke its authorization.
Log on to the RAM console.
In the left-side navigation pane, choose .
On the Third-party Application tab, find the third-party application that you want to manage and click Delete Application in the Actions column.
In the Delete Application dialog box, click Delete Application.
Re-authorize an application
To change the authorization scope for an application, you must first revoke its authorization and then access the third-party application again to restart the authorization process.
Install an official application directly
As a RAM administrator, you can install official applications directly from the RAM console. After you install the application, you must assign user access to it.
Even after you assign user accesses, the users will be prompted to authorize the application on their first logon. This final step is required for them to grant the application access to their personal identity and permission information.
To install an official application directly:
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Third-party Application tab, click Provision Official Application.
In the Provision Official Application dialog box, select the official application that you want to install and click OK.
NoteThe list of supported official applications is subject to change. Refer to the console for the most current list. An example is OpenAPI MCP Server.