diff --git a/packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/040.azure-ad.md b/packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/040.azure-ad.md index 1cde5b012e..c02385c69c 100644 --- a/packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/040.azure-ad.md +++ b/packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/040.azure-ad.md @@ -1,6 +1,6 @@ --- -title: 'Azure AD (Entra)' -description: 'Learn how to configure Active Directory as an identity provider for NocoDB.' +title: 'Azure AD (Entra)' +description: 'Learn how to configure Active Directory as an identity provider for NocoDB.' tags: ['SSO', 'Active Directory', 'SAML'] keywords: ['SSO', 'Active Directory', 'SAML', 'Authentication', 'Identity Provider'] --- @@ -12,46 +12,52 @@ For SSO Access - please reach [**out to sales team**](https://calendly.com/nocod This article briefs about the steps to configure Active Directory as Identity service provider for NocoDB ### NocoDB, Retrieve `SAML SSO` Configuration details + 1. Go to `Account Settings` 2. Select `Authentication (SSO)` 3. Click on `New Provider` button -4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page -5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider +4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the + provider on the login page +5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the + Identity Provider ![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png) ![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png) ![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png) - ### Azure AD, Configure NocoDB as an Application -1. Sign in to your [Azure account](https://portal.azure.com/#allservices) and navigate to `Microsoft Entra admin center` > `Identity` > `Enterprise applications` -2. Click `+ New application` + +1. Sign in to your [Azure account](https://portal.azure.com/#allservices) and navigate + to `Microsoft Entra admin center` > `Identity` > `Enterprise applications` +2. Click `+ New application` 3. On the `Browse Microsoft Entra Gallery` page, select `Create your own application` from the navigation bar. - a. Provide your application's name. - b. Choose `Integrate any other application you don't find in the gallery (Non-gallery)` - c. `Create` + - Provide your application's name. + - Choose `Integrate any other application you don't find in the gallery (Non-gallery)` + - `Create` 4. On your application page, navigate to `Manage` > `Single sign-on` > `SAML` 5. Go to the `Basic SAML Configuration` section under `Set up Single Sign-On with SAML` and click `Edit` - a. Add the `Audience URI` under `Identifier (Entity ID)`. - b. Add the `Redirect URL` under `Replay URL (Assertion Consumer Service URL)`. - c. Click `Save` + - Add the `Audience URI` under `Identifier (Entity ID)`. + - Add the `Redirect URL` under `Replay URL (Assertion Consumer Service URL)`. + - Click `Save` 6. In the `Attributes & Claims` section, click `Edit` - a. Edit the "Unique User Identifier (Name ID)" claim: + - Edit the "Unique User Identifier (Name ID)" claim: - Select `Email address` from the `Name identifier format` dropdown - Choose `Attribute` as the `Source` - In the `Source attribute`, select `user.mail` - Click `Save` -[//]: # ( b. (Optional) For custom claims:) + + + 7. Go to the `SAML Certificates` section and copy the `App Federation Metadata URL` -8. on the Application's Overview page, - - Click `Users and groups`, +8. on the Application's Overview page, + - Click `Users and groups`, - Add the necessary users or groups to the application. - ### NocoDB, Configure Azure AD as an Identity Provider + 1. Go to `Account Settings` > `Authentication` > `SAML` 2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well 3. `Save` @@ -64,4 +70,4 @@ For Sign-in's, user should be able to now see `Sign in with ` option. :::note Post sign-out, refresh page (for the first time) if you do not see `Sign in with ` option -::: \ No newline at end of file +:::