1. Sign in to your [Azure account](https://portal.azure.com/#allservices) and navigate to `Microsoft Entra admin center` > `Identity` > `Enterprise applications`
2. Click `+ New application`
1. Sign in to your [Azure account](https://portal.azure.com/#allservices) and navigate
to `Microsoft Entra admin center` > `Identity` > `Enterprise applications`
2. Click `+ New application`
3. On the `Browse Microsoft Entra Gallery` page, select `Create your own application` from the navigation bar.
3. On the `Browse Microsoft Entra Gallery` page, select `Create your own application` from the navigation bar.
a. Provide your application's name.
- Provide your application's name.
b. Choose `Integrate any other application you don't find in the gallery (Non-gallery)`
- Choose `Integrate any other application you don't find in the gallery (Non-gallery)`
c.`Create`
-`Create`
4. On your application page, navigate to `Manage` > `Single sign-on` > `SAML`
4. On your application page, navigate to `Manage` > `Single sign-on` > `SAML`
5. Go to the `Basic SAML Configuration` section under `Set up Single Sign-On with SAML` and click `Edit`
5. Go to the `Basic SAML Configuration` section under `Set up Single Sign-On with SAML` and click `Edit`
a. Add the `Audience URI` under `Identifier (Entity ID)`.
- Add the `Audience URI` under `Identifier (Entity ID)`.
b. Add the `Redirect URL` under `Replay URL (Assertion Consumer Service URL)`.
- Add the `Redirect URL` under `Replay URL (Assertion Consumer Service URL)`.
c. Click `Save`
- Click `Save`
6. In the `Attributes & Claims` section, click `Edit`
6. In the `Attributes & Claims` section, click `Edit`
a. Edit the "Unique User Identifier (Name ID)" claim:
- Edit the "Unique User Identifier (Name ID)" claim:
- Select `Email address` from the `Name identifier format` dropdown
- Select `Email address` from the `Name identifier format` dropdown
- Choose `Attribute` as the `Source`
- Choose `Attribute` as the `Source`
- In the `Source attribute`, select `user.mail`
- In the `Source attribute`, select `user.mail`
- Click `Save`
- Click `Save`
[//]: # ( b. (Optional) For custom claims:)
<!-- [//]: # ( b. (Optional) For custom claims:)
[//]: # ( - Click Add new claim, provide details, and save.)
[//]: # ( - Click Add new claim, provide details, and save.)
[//]: # ( - Ensure the claim is visible in the Additional claims section.)
[//]: # ( - Ensure the claim is visible in the Additional claims section.)
[//]: # ( - Copy the claim name for later use in NocoDB SAML configurations.)
[//]: # ( - Copy the claim name for later use in NocoDB SAML configurations.) -->
7. Go to the `SAML Certificates` section and copy the `App Federation Metadata URL`
7. Go to the `SAML Certificates` section and copy the `App Federation Metadata URL`
8. on the Application's Overview page,
8. on the Application's Overview page,
- Click `Users and groups`,
- Click `Users and groups`,
- Add the necessary users or groups to the application.
- Add the necessary users or groups to the application.
### NocoDB, Configure Azure AD as an Identity Provider
### NocoDB, Configure Azure AD as an Identity Provider
1. Go to `Account Settings` > `Authentication` > `SAML`
1. Go to `Account Settings` > `Authentication` > `SAML`
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well
3. `Save`
3. `Save`
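Review bot: the sub-step `-`Create`` under step 3 is missing the space after the dash, so it will not render as a list item; it should read `- `Create``. The same hunk also carries over the label `Replay URL (Assertion Consumer Service URL)` in step 5b, where the Microsoft Entra field is named `Reply URL (Assertion Consumer Service URL)`; since the reader has to find this field in the portal, the label should match exactly. Step 8 starts lowercase and ends in a comma (`8. on the Application's Overview page,`); capitalise `On` and end the line with a colon before the bullets. Finally, the commented-out custom-claims block now wraps the old `[//]: # (...)` lines in `<!-- -->`, leaving two comment syntaxes nested; either keep the `[//]: #` lines unchanged or replace them with plain text inside the HTML comment.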
@ -64,4 +70,4 @@ For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
:::note
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
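Review bot: the `:::note` admonition opened here has no closing `:::` within the visible lines; confirm it is closed in the unchanged context that follows, otherwise the rest of the page renders inside the note. The sentence itself reads awkwardly; suggest "After signing out, refresh the page once if the `Sign in with <SSO>` option does not appear."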