DingTalk OAuth
Add DingTalk as an OAuth provider.
Configure DingTalk at the DingTalk Open Platform. Create or open an app and note AppKey and AppSecret (these map to Client ID and Client secret in Hanzo IAM).
| Hanzo IAM | DingTalk |
|---|---|
| Client ID | AppKey |
| Client secret | AppSecret |
Add the Redirect Domain: your Hanzo IAM domain (e.g. https://your-iam.com).
Required permission
Enable Contact.User.Read in your DingTalk app (used for /v1.0/contact/users/me). Without it, Hanzo IAM cannot fetch user info and sign-in will fail. Enable it under Permissions Management.
:::caution Contact.User.Read must be enabled in the DingTalk application. :::
Username mapping
Hanzo IAM uses DingTalk’s unionid as the username. This keeps the same user mapped across your DingTalk org even when other details change.
Add the provider in Hanzo IAM
Create an OAuth provider, set Type to DingTalk, and enter AppKey as Client ID and AppSecret as Client secret.
How is this guide?
Last updated on