|
|
|
|
---
|
|
|
|
|
title: 'Azure AD (Entra)'
|
|
|
|
|
description: 'Learn how to configure Active Directory as an identity provider for NocoDB.'
|
|
|
|
|
tags: ['SSO', 'Active Directory', 'SAML']
|
|
|
|
|
keywords: ['SSO', 'Active Directory', 'SAML', 'Authentication', 'Identity Provider']
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
:::info
|
|
|
|
|
For SSO Access - please reach [**out to sales team**](https://calendly.com/nocodb).
|
|
|
|
|
:::
|
|
|
|
|
|
|
|
|
|
This article briefs about the steps to configure Active Directory as Identity service provider for NocoDB
|
|
|
|
|
|
|
|
|
|
### NocoDB, Retrieve `SAML SSO` Configuration details
|
|
|
|
|
|
|
|
|
|
1. Go to `Account Settings`
|
|
|
|
|
2. Select `Authentication (SSO)`
|
|
|
|
|
3. Click on `New Provider` button
|
|
|
|
|
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the
|
|
|
|
|
provider on the login page
|
|
|
|
|
5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the
|
|
|
|
|
Identity Provider
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Azure AD, Configure NocoDB as an Application
|
|
|
|
|
|
|
|
|
|
1. Sign in to your [Azure account](https://portal.azure.com/#allservices) and navigate
|
|
|
|
|
to `Microsoft Entra admin center` > `Identity` > `Enterprise applications`
|
|
|
|
|
2. Click `+ New application`
|
|
|
|
|
3. On the `Browse Microsoft Entra Gallery` page, select `Create your own application` from the navigation bar.
|
|
|
|
|
- Provide your application's name.
|
|
|
|
|
- Choose `Integrate any other application you don't find in the gallery (Non-gallery)`
|
|
|
|
|
- `Create`
|
|
|
|
|
4. On your application page, navigate to `Manage` > `Single sign-on` > `SAML`
|
|
|
|
|
5. Go to the `Basic SAML Configuration` section under `Set up Single Sign-On with SAML` and click `Edit`
|
|
|
|
|
- Add the `Audience URI` under `Identifier (Entity ID)`.
|
|
|
|
|
- Add the `Redirect URL` under `Replay URL (Assertion Consumer Service URL)`.
|
|
|
|
|
- Click `Save`
|
|
|
|
|
6. In the `Attributes & Claims` section, click `Edit`
|
|
|
|
|
- Edit the "Unique User Identifier (Name ID)" claim:
|
|
|
|
|
- Select `Email address` from the `Name identifier format` dropdown
|
|
|
|
|
- Choose `Attribute` as the `Source`
|
|
|
|
|
- In the `Source attribute`, select `user.mail`
|
|
|
|
|
- Click `Save`
|
|
|
|
|
|
|
|
|
|
<!-- [//]: # ( b. (Optional) For custom claims:)
|
|
|
|
|
[//]: # ( - Click Add new claim, provide details, and save.)
|
|
|
|
|
[//]: # ( - Ensure the claim is visible in the Additional claims section.)
|
|
|
|
|
[//]: # ( - Copy the claim name for later use in NocoDB SAML configurations.) -->
|
|
|
|
|
|
|
|
|
|
7. Go to the `SAML Certificates` section and copy the `App Federation Metadata URL`
|
|
|
|
|
8. on the Application's Overview page,
|
|
|
|
|
- Click `Users and groups`,
|
|
|
|
|
- Add the necessary users or groups to the application.
|
|
|
|
|
|
|
|
|
|
### NocoDB, Configure Azure AD as an Identity Provider
|
|
|
|
|
|
|
|
|
|
1. Go to `Account Settings` > `Authentication` > `SAML`
|
|
|
|
|
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well
|
|
|
|
|
3. `Save`
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
:::note
|
|
|
|
|
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
|
|
|
|
|
:::
|
