多维表格
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

61 lines
2.9 KiB

---
title: 'Auth0'
description: 'Learn how to configure Auth0 as an identity provider for NocoDB.'
tags: ['SSO', 'Auth0', 'OIDC']
keywords: ['SSO', 'Auth0', 'OIDC', 'Authentication', 'Identity Provider']
---
:::info
For SSO Access - please reach [**out to sales team**](https://calendly.com/nocodb).
:::
This article briefs about the steps to configure Auth0 as Identity service provider for NocoDB
10 months ago
### NocoDB, Retrieve `Redirect URL`
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL`; this information will be required to be configured later with the Identity Provider
![OIDC SSO Configuration](/img/v2/account-settings/SSO-1.png)
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-2.png)
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-3.png)
### Auth0, Configure NocoDB as an Application
1. Access your [Auth0 account](https://auth0.com/)
- navigate to `Applications` > `Create Application`.
10 months ago
2. In the `Create Application` modal,
- choose `Regular Web Application`
- click `Create`
10 months ago
3. On Quick start screen, go to `Settings` tab
- Copy the `Client ID` and `Client Secret` from the `Basic Information` section.
10 months ago
4. Goto `Application URIs` section
- Add the `Redirect URL` copied from step(2) under `Allowed Callback URLs`.
- `Save Changes`
10 months ago
5. On the `Settings` tab, go to the `Advanced Settings` section and click on the `Endpoints` tab.
- Copy the `OAuth Authorization URL`, `OAuth Token URL`, `OAuth User Info URL` & `JSON Web Key Set URL`
10 months ago
### NocoDB, Configure Auth0 as an Identity Provider
1. In NocoDB, open `Account Settings` > `Authentication` > `OIDC`. On the "Register OIDC Identity Provider" modal, insert the following information:
- Insert `Client ID` retrieved in step (5) above as `Client ID`
- Insert `Client Secret` retrieved in step (5) above as `Client Secret`
- Insert `OAuth Authorization URL` retrieved in step (7) above as `Authorization URL`
- Insert `OAuth Token URL` retrieved in step (7) above as `Token URL`
- Insert `OAuth User Info URL` retrieved in step (7) above as `Userinfo URL`
- Insert `JSON Web Key Set URL` retrieved in step (7) above as `JWK Set URL`
- Set `Scope` as `openid` `profile` `email` `offline_access`
10 months ago
- In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email."
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
10 months ago
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
For information about Auth0 API Scopes, refer [here](https://auth0.com/docs/secure/tokens/refresh-tokens)