|
|
|
|
---
|
|
|
|
|
title: 'Auth0'
|
|
|
|
|
description: 'Learn how to configure Auth0 as an identity provider for NocoDB.'
|
|
|
|
|
tags: ['SSO', 'Auth0', 'OIDC']
|
|
|
|
|
keywords: ['SSO', 'Auth0', 'OIDC', 'Authentication', 'Identity Provider']
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
:::warning
|
|
|
|
|
SSO is available under private beta for self hosted enterprise customers. Please reach [**out to us**](https://calendly.com/nocodb) for early access.
|
|
|
|
|
:::
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This article briefs about the steps to configure Auth0 as Identity service provider for NocoDB
|
|
|
|
|
|
|
|
|
|
### NocoDB, Retrieve `Redirect URL`
|
|
|
|
|
1. Go to `Account Settings`
|
|
|
|
|
2. Select `Authentication (SSO)`
|
|
|
|
|
3. Click on `New Provider` button
|
|
|
|
|
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
|
|
|
|
|
5. Retrieve `Redirect URL`; this information will be required to be configured later with the Identity Provider
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Auth0, Configure NocoDB as an Application
|
|
|
|
|
1. Access your [Auth0 account](https://auth0.com/)
|
|
|
|
|
- navigate to `Applications` > `Create Application`.
|
|
|
|
|
2. In the `Create Application` modal,
|
|
|
|
|
- choose `Regular Web Application`
|
|
|
|
|
- click `Create`
|
|
|
|
|
3. On Quick start screen, go to `Settings` tab
|
|
|
|
|
- Copy the `Client ID` and `Client Secret` from the `Basic Information` section.
|
|
|
|
|
4. Goto `Application URIs` section
|
|
|
|
|
- Add the `Redirect URL` copied from step(2) under `Allowed Callback URLs`.
|
|
|
|
|
- `Save Changes`
|
|
|
|
|
5. On the `Settings` tab, go to the `Advanced Settings` section and click on the `Endpoints` tab.
|
|
|
|
|
- Copy the `OAuth Authorization URL`, `OAuth Token URL`, `OAuth User Info URL` & `JSON Web Key Set URL`
|
|
|
|
|
|
|
|
|
|
### NocoDB, Configure Auth0 as an Identity Provider
|
|
|
|
|
1. In NocoDB, open `Account Settings` > `Authentication` > `OIDC`. On the "Register OIDC Identity Provider" modal, insert the following information:
|
|
|
|
|
- Insert `Client ID` retrieved in step (5) above as `Client ID`
|
|
|
|
|
- Insert `Client Secret` retrieved in step (5) above as `Client Secret`
|
|
|
|
|
- Insert `OAuth Authorization URL` retrieved in step (7) above as `Authorization URL`
|
|
|
|
|
- Insert `OAuth Token URL` retrieved in step (7) above as `Token URL`
|
|
|
|
|
- Insert `OAuth User Info URL` retrieved in step (7) above as `Userinfo URL`
|
|
|
|
|
- Insert `JSON Web Key Set URL` retrieved in step (7) above as `JWK Set URL`
|
|
|
|
|
- Set `Scope` as `openid` `profile` `email` `offline_access`
|
|
|
|
|
- In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email."
|
|
|
|
|
|
|
|
|
|
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
:::note
|
|
|
|
|
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
|
|
|
|
|
:::
|
|
|
|
|
|
|
|
|
|
For information about Auth0 API Scopes, refer [here](https://auth0.com/docs/secure/tokens/refresh-tokens)
|
