Use DingTalk as an OAuth 2.0 authentication provider

Tier: Free, Premium, Ultimate Offering: Self-managed

You can sign in to GitLab using your DingTalk account. Sign in to DingTalk Open Platform and create an application on it. DingTalk generates a client ID and secret key for you to use.

  1. Sign in to DingTalk Open Platform.

  2. On the top bar, select Application development > Enterprise internal development and then select Create Application.

  3. Fill in the application details:

    • Application Name: This can be anything. Consider something like <Organization>'s GitLab, <Your Name>'s GitLab, or something else descriptive.
    • Application Description: Create a description.
    • Application icon: Upload qualified icons if needed.
  4. Select Confirm and create.

  5. On the left sidebar, select DingTalk Application and find your application. Select it and go to the application information page.

  6. In the Application Credentials section, note the AppKey and AppSecret as you use these values later.

  7. On your GitLab server, open the configuration file.

    For Linux package installations:

    sudo editor /etc/gitlab/gitlab.rb

    For self-compiled installations:

    cd /home/git/gitlab
    sudo -u git -H editor config/gitlab.yml
  8. Configure the common settings to add dingtalk as a single sign-on provider. This enables Just-In-Time account provisioning for users who do not have an existing GitLab account.

  9. Add the provider configuration.

    For Linux package installations:

      gitlab_rails['omniauth_providers'] = [
          name: "dingtalk",
          # label: "Provider name", # optional label for login button, defaults to "Ding Talk"
          app_id: "<your_appkey>",
          app_secret: "<your_appsecret>"

    For self-compiled installations:

    - { name: 'dingtalk',
        # label: 'Provider name', # optional label for login button, defaults to "Ding Talk"
        app_id: '<your_appkey>',
        app_secret: '<your_appsecret>' }
  10. Replace <your_appkey> with the AppKey from the Application Credentials in step 6.

  11. Replace <your_appsecret> with the AppSecret from the Application Credentials in step 6.

  12. Save the configuration file.

  13. For the changes to take effect, if you: