mirror of https://github.com/nocodb/nocodb
Raju Udava
11 months ago
1 changed files with 63 additions and 0 deletions
@ -0,0 +1,63 @@ |
|||||||
|
--- |
||||||
|
title: 'Azure AD' |
||||||
|
description: 'Learn how to configure Azure AD as an identity provider for NocoDB.' |
||||||
|
tags: ['SSO', 'Azure AD', 'OIDC'] |
||||||
|
keywords: ['SSO', 'Azure AD', 'OIDC', 'Authentication', 'Identity Provider'] |
||||||
|
--- |
||||||
|
|
||||||
|
This article briefs about the steps to configure Azure AD as Identity service provider for NocoDB |
||||||
|
|
||||||
|
1. Enable `OIDC SSO` on NocoDB |
||||||
|
- Go to `Account Settings` > `Authentication` |
||||||
|
- Activate `OIDC` toggle button |
||||||
|
2. Retrieve `Redirect URL` from NocoDB |
||||||
|
- Go to `Account Settings` > `Authentication` > `OIDC` |
||||||
|
- Note down `Redirect URL` ; these information will be required to be configured later with the Identity Provider |
||||||
|
3. Sign in to your [Azure account](https://portal.azure.com/#allservices) and navigate to `Azure Active Directory` under `Azure Services`. |
||||||
|
4. Access `Manage Tenants` from the navigation bar, select your directory, and click `Switch`. |
||||||
|
5. On your directory's homepage, click `+ Add` > `App Registration` from the navigation bar. |
||||||
|
6. On the `Register an application` page, |
||||||
|
- Provide your application's name. |
||||||
|
- Set `Accounts in this organizational directory only` as the `Supported account types`. |
||||||
|
- Choose `Web` as the Application type |
||||||
|
- Add the `Redirect URL` under `Redirect URIs`. |
||||||
|
- `Register` |
||||||
|
7. On your application's homepage, |
||||||
|
- Copy the `Application (client) ID` |
||||||
|
- Click `Add a certificate or secret` under `Client credentials` section |
||||||
|
- On `Certificates & secrets` page, go to `Client secrets` section |
||||||
|
- Click `New client secret` |
||||||
|
- On `Add a client secret` page, |
||||||
|
- Add a description for the secret |
||||||
|
- Set expiration as required |
||||||
|
- `Add` |
||||||
|
- Copy the `Value` of the newly created secret |
||||||
|
8. On your application's homepage, |
||||||
|
- Go to `Endpoints` tab |
||||||
|
- Open `OpenID Connect metadata document` URL & copy `authorization_endpoint`, `token_endpoint`, `userinfo_endpoint` & `jwks_uri` from the JSON response |
||||||
|
9. Configuring scopes |
||||||
|
- Go to `API permissions` tab |
||||||
|
- Click `Add a permission` |
||||||
|
- On `Request API permissions` page, |
||||||
|
- Select `Microsoft Graph` from `Microsoft APIs` |
||||||
|
- Select `Delegated permissions` |
||||||
|
- Select `openid` `profile` `email` `offline_access` from `Select permissions` dropdown |
||||||
|
- From `Users` dropdown, select `User.Read` |
||||||
|
- `Add permissions` |
||||||
|
- Click `Grant admin consent for this directory` from the `API permissions` page |
||||||
|
10. On NocoDB, open `Account Settings` > `Authentication` > `OIDC` |
||||||
|
- Insert `Application (client) ID` retrieved in step (7) above as `Client ID` |
||||||
|
- Insert `Value` of the newly created secret retrieved in step (7) above as `Client Secret` |
||||||
|
- Insert `authorization_endpoint` retrieved in step (8) above as `Authorization URL` |
||||||
|
- Insert `token_endpoint` retrieved in step (8) above as `Token URL` |
||||||
|
- Insert `userinfo_endpoint` retrieved in step (8) above as `Userinfo URL` |
||||||
|
- Insert `jwks_uri` retrieved in step (8) above as `JWK Set URL` |
||||||
|
- Set `Scope` as `openid` `profile` `email` `offline_access` |
||||||
|
|
||||||
|
- For Sign-in's, user should be able to now see `Sign in with <SSO>` option. |
||||||
|
|
||||||
|
:::note |
||||||
|
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option |
||||||
|
::: |
||||||
|
|
||||||
|
For information about Azure AD API Scopes, refer [here](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#offline_access) |
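Review bot: Step 7 has the reader "Set expiration as required" on the client secret but never says what that expiry means for NocoDB: once the secret lapses, the `Client Secret` entered in step 10 stops working and sign-in via `Sign in with <SSO>` fails. Suggest adding a bullet after "Copy the `Value` of the newly created secret" along the lines of "Record the expiry date; before it is reached, create a new client secret and update `Client Secret` under `Account Settings` > `Authentication` > `OIDC`." Two smaller wording fixes in the same hunk: in step 2, "these information will be required to be configured later" should read "this information will be needed later when configuring the Identity Provider", and in the closing bullet "For Sign-in's, user should be able to now see" should read "On sign-in, users should now see".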