DingTalk SSO Solution

Traditional identity systems are often pieced together from various solutions, and "identity data" is separated from each other. The need for unified account management is becoming more frequent and necessary. By using a centralized identity management platform, the user login experience and IT office efficiency can be greatly improved, and access security can be effectively improved.

We are often asked by developers how to log in to all applications through a single identity source and the same platform, and uniformly perform fine-grained permission management. Taking DingTalk as an enterprise's single identity source to quickly add Alibaba Cloud as an example, we provide everyone with a very simple solution to the problem of unified account management.

Design ideas

How to implement

Step 1: Configure DingTalk as a GenAuth identity source

For specific DingTalk identity source configuration operations, see the document, DingTalk H5 Micro Application (Enterprise Internal Development)

Step 2: Use DingTalk to single-point sign-on to Alibaba Cloud

Integrate applications

Enter DingTalk Open Platform Backstage, click the top Type to switch to "Enterprise Application", click the application (Alibaba Cloud) card created in step 1 or create a new application.

Enter the application details page, click "Development Management" on the left column, and click the "Modify" button

Enter the Alibaba Cloud configuration details page and copy the application access link

Copy the link to the application homepage address and PC homepage address
Click Version Management and Release on the left column and select Confirm Release
Select the scope of application
Add address book interface permissions
Click Complete Login in the workbench

Self-built application

For self-built applications, you need to perform the following operations:

Create a self-built application

First, you need to create a self-built application and complete the configuration. To create an application, refer to How to create a self-built application

Users need to enter the configured self-built application details page and copy its authentication address

Enter the enterprise application details page created in DingTalk, click "Development Management" on the left column, click the "Modify" button, and fill in the URL of the application homepage. The subsequent steps are the same as the integrated application to publish the application.

Authenticate Your First User

Trial Period

QR Code Login

Use Self-built App for QR Code Login

Extend Authentication Process

Manage New Data Resource Permissions

Data Policies and Authorization

Self-built Applications

Protocol Configuration

Single Sign-On SSO

Third-party SSO Solutions

Social Identity Providers

Custom Database

Password Security

Multi-factor Authentication

Pipeline

用户字段管理

Login

Logout

Token Management

Registration

User Profile

Account Binding

MFA Factor Management

User Related Resources

Message Service

Authorization

WeChat Related APIs

Others

User Management

Organization Management

Role Management

User Group Management

Custom Field Management

Resource and Permission Management

Manage Data Resources and Permissions

Manage Applications

Manage Identity Sources

Manage Security Configuration

Manage Message Service

Manage Pipeline

Manage Webhook

Get Audit Logs

Manage Metering and Billing

Login

Logout

Register

User Profile

Account Binding

MFA Factor Management

User Related Resources

Message Service

WeChat Related APIs

Others

User Management

Organization Management

Role Management

User Group Management

Custom Field Management

Resource and Permission Management

管理应用

管理身份源

管理安全配置

管理消息服务

管理 Pipeline

管理 Webhook

获取审计日志

管理计量计费

DingTalk SSO Solution ​

Design ideas ​

How to implement ​

Step 1: Configure DingTalk as a GenAuth identity source ​

Step 2: Use DingTalk to single-point sign-on to Alibaba Cloud ​

Integrate applications ​