|
|
|
---
|
|
|
|
title: 'Ping Identity'
|
|
|
|
description: 'Learn how to configure Ping Identity as an identity provider for NocoDB.'
|
|
|
|
tags: ['SSO', 'Ping Identity', 'OIDC']
|
|
|
|
keywords: ['SSO', 'Ping Identity', 'OIDC', 'Authentication', 'Identity Provider']
|
|
|
|
---
|
|
|
|
|
|
|
|
:::warning
|
|
|
|
SSO is available under private beta for self hosted enterprise customers. Please reach [**out to us**](https://calendly.com/nocodb) for early access.
|
|
|
|
:::
|
|
|
|
|
|
|
|
|
|
|
|
This article briefs about the steps to configure Ping Identity as Identity service provider for NocoDB
|
|
|
|
|
|
|
|
### NocoDB, Retrieve `Redirect URL`
|
|
|
|
1. Go to `Account Settings`
|
|
|
|
2. Select `Authentication (SSO)`
|
|
|
|
3. Click on `New Provider` button
|
|
|
|
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
|
|
|
|
5. Retrieve `Redirect URL`; this information will be required to be configured later with the Identity Provider
|
|
|
|
|
|
|
|
![OIDC SSO Configuration](/img/v2/account-settings/SSO-1.png)
|
|
|
|
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-2.png)
|
|
|
|
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-3.png)
|
|
|
|
|
|
|
|
|
|
|
|
### Ping Identity, Configure NocoDB as an Application
|
|
|
|
1. Access your [PingOne account](https://www.pingidentity.com/en/account/sign-on.html) and navigate to the homepage.
|
|
|
|
2. Click on `Add Environment` from the top right corner.
|
|
|
|
3. On the `Create Environment` screen,
|
|
|
|
- Opt for `Build your own solution`
|
|
|
|
- In the `Select solution(s) for your Environment` section, select `PingOne SSO` from `Cloud Services`
|
|
|
|
- Click `Next`
|
|
|
|
- Provide a name and description for the environment,
|
|
|
|
- Click `Next`
|
|
|
|
4. Access the newly created environment and go to `Connections` > `Applications` from the sidebar.
|
|
|
|
5. Within the Applications homepage, initiate the creation of a new application by clicking the "+" icon.
|
|
|
|
6. On the "Add Application" panel:
|
|
|
|
- Input the application name and description.
|
|
|
|
- Choose "OIDC Web App" as the Application Type and click "Configure"
|
|
|
|
7. From your application,
|
|
|
|
- Go to `Configurations` tab
|
|
|
|
- Click on `Edit` button
|
|
|
|
- Check `Refresh Token` option
|
|
|
|
- Copy `Authorization URL`, `Token URL`, `Userinfo URL` & `JWK Set URL` from the `Endpoints` section
|
|
|
|
- From `Generals` dropdown, copy `Client ID` & `Client Secret`
|
|
|
|
- `Save`
|
|
|
|
8. From `Resources` tab,
|
|
|
|
- Click `Edit`
|
|
|
|
- Select `openid` `profile` `email` from `Scopes`
|
|
|
|
9. Switch toggle button in the top right corner to `On` to activate the application.
|
|
|
|
|
|
|
|
|
|
|
|
### NocoDB, Configure Ping Identity as an Identity Provider
|
|
|
|
1. In NocoDB, open `Account Settings` > `Authentication` > `OIDC`. On the "Register OIDC Identity Provider" modal, insert the following information:
|
|
|
|
- Insert `Client ID` retrieved in step (9) above as `Client ID`
|
|
|
|
- Insert `Client Secret` retrieved in step (9) above as `Client Secret`
|
|
|
|
- Insert `Authorization URL` retrieved in step (9) above as `Authorization URL`
|
|
|
|
- Insert `Token URL` retrieved in step (9) above as `Token URL`
|
|
|
|
- Insert `Userinfo URL` retrieved in step (9) above as `Userinfo URL`
|
|
|
|
- Insert `JWK Set URL` retrieved in step (9) above as `JWK Set URL`
|
|
|
|
- Set `Scope` as `openid` `profile` `email` `offline_access`
|
|
|
|
- In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email."
|
|
|
|
|
|
|
|
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
|
|
|
|
|
|
|
|
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
|
|
|
|
|
|
|
|
|
|
|
|
:::note
|
|
|
|
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
|
|
|
|
:::
|
|
|
|
|
|
|
|
For information about Ping Identity API Scopes, refer [here](https://docs.pingidentity.com/r/en-us/pingone/pingone_t_edit_scopes_for_an_application)
|