
Merge pull request #7575 from nocodb/nc-docs/sso

Nc docs/SSO (cloud only)
pull/7577/head
Raju Udava 10 months ago committed by GitHub
parent
commit
c1c6f6244c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 2
      packages/noco-docs/docs/080.records/070.actions-on-record.md
  2. 49
      packages/noco-docs/docs/140.account-settings/030.authentication/010.overview.md
  3. 25
      packages/noco-docs/docs/140.account-settings/030.authentication/020.google-oauth.md
  4. 55
      packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/010.okta.md
  5. 66
      packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/020.auth0.md
  6. 59
      packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/030.ping-identity.md
  7. 63
      packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/040.azure-ad.md
  8. 59
      packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/050.keycloak.md
  9. 8
      packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/_category_.json
  10. 63
      packages/noco-docs/docs/140.account-settings/030.authentication/040.OIDC-SSO/010.okta.md
  11. 56
      packages/noco-docs/docs/140.account-settings/030.authentication/040.OIDC-SSO/020.auth0.md
  12. 69
      packages/noco-docs/docs/140.account-settings/030.authentication/040.OIDC-SSO/030.ping-identity.md
  13. 76
      packages/noco-docs/docs/140.account-settings/030.authentication/040.OIDC-SSO/040.azure-ad.md
  14. 8
      packages/noco-docs/docs/140.account-settings/030.authentication/040.OIDC-SSO/_category_.json
  15. 8
      packages/noco-docs/docs/140.account-settings/030.authentication/_category_.json
  16. 0
      packages/noco-docs/docs/140.account-settings/040.oss-specific-details.md
  17. BIN
      packages/noco-docs/static/img/v2/account-settings/OIDC-2.png
  18. BIN
      packages/noco-docs/static/img/v2/account-settings/OIDC-3.png
  19. BIN
      packages/noco-docs/static/img/v2/account-settings/SAML-2.png
  20. BIN
      packages/noco-docs/static/img/v2/account-settings/SAML-3.png
  21. BIN
      packages/noco-docs/static/img/v2/account-settings/SAML-4.png
  22. BIN
      packages/noco-docs/static/img/v2/account-settings/SSO-1.png
  23. BIN
      packages/noco-docs/static/img/v2/account-settings/SSO-SignIn.png

2
packages/noco-docs/docs/080.records/070.actions-on-record.md

@ -44,7 +44,7 @@ You can start editing by any of the following methods
And it will automatically save on blur event or if inactive.
### Bulk Update Records
### Bulk Update Records
You can bulk update records by
1. Selecting multiple records that you wish to update together and then
2. Right-click on the index field area (first column on the grid view) and then select `Bulk Update records` option from the context menu. This will open `Bulk update` modal.

49
packages/noco-docs/docs/140.account-settings/030.authentication/010.overview.md

@ -0,0 +1,49 @@
---
title: 'Overview'
description: 'Learn about different methods available for authentication with NocoDB.'
tags: ['SSO', 'Overview']
keywords: ['SSO', 'Overview', 'Authentication', 'Email', 'Password', 'SAML', 'OIDC']
---
This section provides an overview about different mechanisms available for authentication in NocoDB.
# Email and password based
This is the default form based authentication mechanism available in NocoDB. Users can sign up using email and password and then login using the same credentials.
# Single Sign On (SSO)
SSO is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. The service authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.
SSO functionality is achieved by establishing a connection with an identity provider (IdP), which serves as a repository for managing users digital identities within the digital or cloud-based ecosystem. Through the use of protocols like the Security Assertion Markup Language (SAML 2.0), such as in the case of NocoDB, SSO facilitates the secure exchange of authentication data between the identity provider and the service providers.
[//]: # (### Google OAuth)
[//]: # ()
[//]: # (Google OAuth, short for Open Authorization, is a widely used and standardized protocol that facilitates secure authentication and authorization processes, particularly in the context of web and mobile applications. Developed by Google, OAuth enables users to grant third-party applications limited access to their resources without exposing their credentials. This authorization framework is based on token-based authentication, where users can log in using their Google credentials, and developers can obtain an access token to interact with Google APIs on the user's behalf.)
[//]: # ()
[//]: # (Please follow the details in the article to integrate with [Google OAuth](google-oauth))
### Security Assertion Markup Language (SAML)
The Security Assertion Markup Language (SAML) stands as a critical protocol in the realm of secure authentication and authorization processes. Developed to enable Single Sign-On (SSO) functionality, SAML facilitates the exchange of authentication and authorization data between an identity provider (IdP) and a service provider (SP). This XML-based protocol ensures the secure transfer of user identity information, allowing individuals to access multiple applications and services with a single set of credentials. SAML operates on a trust model, wherein the identity provider asserts the user's identity to the service provider, which, in turn, grants or denies access based on the provided assertions.
[//]: # (This robust framework is widely employed in various industries and platforms, contributing to the seamless and secure integration of disparate systems and applications in the digital landscape. SAML adoption is particularly evident in cloud-based services, enterprise applications, and other environments where a unified and secure authentication process is paramount.)
Please follow the details in the article below to integrate with various popular SAML providers.
1. [Okta](SAML-SSO/okta)
2. [Auth0](SAML-SSO/auth0)
3. [Ping Identity](SAML-SSO/ping-identity)
4. [Active Directory](SAML-SSO/azure-ad)
5. [Keycloak](SAML-SSO/keycloak)
### OpenID Connect (OIDC)
The OpenID Connect (OIDC) protocol is a modern authentication layer built on top of the OAuth 2.0 framework, designed to address user authentication and authorization challenges in web and mobile applications. OIDC provides a standardized and secure way for applications to verify the identity of end-users. Leveraging JSON Web Tokens (JWTs), OIDC enables the exchange of user identity information between the identity provider (IdP) and the Service provider, typically a web application.
[//]: # (One of the key advantages of OIDC is its ability to enable Single Sign-On (SSO) capabilities, allowing users to authenticate once and access multiple applications seamlessly. OIDC also provides a standardized set of claims, such as user profile information, making it easier for developers to integrate identity management into their applications. Widely adopted in various industries, OIDC plays a crucial role in enhancing the security and user experience of authentication processes across diverse digital platforms.)
Please follow the details in the article below to integrate with various popular OIDC providers.
1. [Okta](OIDC-SSO/okta)
2. [Auth0](OIDC-SSO/auth0)
3. [Ping Identity](OIDC-SSO/ping-identity)
4. [Active Directory](OIDC-SSO/azuire-ad)
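Review bot: the last OIDC link, `[Active Directory](OIDC-SSO/azuire-ad)`, is misspelled and will not resolve; the page added in this commit is `040.OIDC-SSO/040.azure-ad.md`, so the target should be `OIDC-SSO/azure-ad`. Separately, the SSO introduction names only SAML 2.0 as the protocol "in the case of NocoDB" while the same page goes on to document OIDC, so that sentence should mention both. The headings also jump from `#` straight to `###`.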

25
packages/noco-docs/docs/140.account-settings/030.authentication/020.google-oauth.md

@ -0,0 +1,25 @@
---
title: 'Google OAuth'
description: 'Learn about different methods available for authentication with NocoDB.'
tags: ['SSO', 'Google', 'OAuth']
keywords: ['SSO', 'Overview', 'Authentication', 'Google', 'OAuth']
---
NocoDB offers a functionality that allows users to connect with Google OAuth 2.0, enabling them to log into their NocoDB accounts using their Google authentication credentials. This article provides a step-by-step guide to integrating Google OAuth 2.0 with NocoDB.
1. Copy `Redirect URI` from NocoDB
- Go to `Account Settings` > `Authentication` > `Google OAuth`
- Copy the `Redirect URI` from the `Google OAuth` section
2. Go to [Google Cloud Console](https://console.cloud.google.com/) and create a new project.
3. Visit the `OAuth consent screen` within the `APIs & Services` section.
a) Decide on the configuration and registration preferences for your application, specifying the intended user demographic
b) Click on the `Create` button
4. Set up the OAuth consent screen by providing details about the application and specifying the authorized domains where you host NocoDB.
5. Proceed to the `Credentials` screen, then click on `Create Credentials`. Choose `OAuth Client ID` from the available options to generate OAuth credentials.
6. Choose `Web application` from the options available in the `Application type` dropdown menu.
7. Configure the following
a) `Authorized JavaScript origins` refer to the HTTP origins where your web application is hosted, such as https://app.nocodb.com
b) `Authorized Redirect URIs` refer to the URIs where the user is redirected after successful authentication with Google. Paste the *Redirect URI* copied from NocoDB in step (1).
8. Click on the `Create` button to generate the OAuth credentials. Copy the `Client ID` and `Client Secret` from the OAuth 2.0 Client IDs section.
9. Go to `Account Settings` > `Authentication` > `Google OAuth` in NocoDB and paste the `Client ID` and `Client Secret` in the respective fields.
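Review bot: the front matter `description` is copied unchanged from the overview page ("Learn about different methods available for authentication with NocoDB.") and should describe the Google OAuth setup instead. The overview added in this same commit comments out its Google OAuth section and the link to this page, so please confirm whether this page is meant to be published or should stay hidden as well. The sub-steps under steps 1, 3 and 7 use mixed markers (`-` and `a)`/`b)`); pick one.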

55
packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/010.okta.md

@ -0,0 +1,55 @@
---
title: 'Okta'
description: 'Learn how to configure Okta as an identity provider for NocoDB.'
tags: ['SSO', 'Okta', 'SAML']
keywords: ['SSO', 'Okta', 'SAML', 'Authentication', 'Identity Provider']
---
This article briefs about the steps to configure Okta as Identity service provider for NocoDB
### NocoDB, Retrieve `SAML SSO` Configuration details
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider
![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png)
### Okta, Configure NocoDB as an Application
1. Sign in to your [Okta account](https://www.okta.com/)
- Navigate to `Applications` > `Applications`
- Click `Create App Integration`
2. In the pop-up with title `Create a new app integration` choose `SAML 2.0` as the Sign-in method
3. On the `Create SAML Integration` page, in the General settings - provide a name for your app; click `Next`
4. In the `Configure SAML` section:
- Enter the `Redirect URL` copied from NocoDB in the `Single sign-on URL` field.
- Add the `Audience URI` copied from NocoDB in the `Audience URI (SP Entity ID)` field.
- Choose `Email Address` from the `Name ID format` options.
- Select `Email` from the `Application user-name` options.
- Click `Next`
5. Complete any additional information in the final step and click `Finish`
6. On your application's homepage,
- Navigate to the `Sign-on` tab
- Copy the `Metadata URL` from the `SAML 2.0` section
7. Go to the `Assignments` tab and click `Assign` to assign people or groups to this application.
### NocoDB, Configure Okta as an Identity Provider
1. Go to `Account Settings` > `Authentication (SSO)` > `SAML`
2. On the "Register SAML Identity Provider" modal, insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well
3. `Save`
![SAML SSO Configuration](/img/v2/account-settings/SAML-4.png)
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
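Review bot: the value the reader is told to retrieve in step 5 of the first section is labelled `Audience / Entity ID`, but step 4 of the Okta section calls it `Audience URI`; use one name so the reader can match it to the NocoDB modal. The intro's "Identity service provider" blurs the two SAML roles; "identity provider" is what is meant. In the last section, "retrieved in step above" should point at the step that copies the `Metadata URL` (step 6 of the Okta section).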

66
packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/020.auth0.md

@ -0,0 +1,66 @@
---
title: 'Auth0'
description: 'Learn how to configure Auth0 as an identity provider for NocoDB.'
tags: ['SSO', 'Auth0', 'SAML']
keywords: ['SSO', 'Auth0', 'SAML', 'Authentication', 'Identity Provider']
---
This article briefs about the steps to configure Auth0 as Identity service provider for NocoDB
### NocoDB, Retrieve `SAML SSO` Configuration details
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider
![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png)
### Auth0, Configure NocoDB as an Application
1. Access your [Auth0 account](https://auth0.com/)
- navigate to `Applications` > `Create Application`.
2. In the `Create Application` modal,
- choose `Regular Web Application`
- click `Create`
3. Upon successful creation, you will be directed to the `Quick Start` screen.
- Go to the `Addons` tab.
- Enable `SAML2 Web App`
4. On the `SAML2 Web App` modal,
- Paste `Redirect URL` copied in step above into `Application Callback URL` field
- In Settings, retain `nameIdentifierProbes` as `["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]`; remove other probes if any
```json
{
"nameIdentifierProbes": [
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
]
}
```
- Click `Enable` to save the settings
5. On the `Settings` tab,
- move to `Advanced Settings` > `Endpoints` > `SAML` section,
- copy the SAML `Metadata URL`
[//]: # (3. Upon successful creation, you will be directed to the `Quick Start` screen. )
[//]: # ( - Go to the `Settings` tab.)
[//]: # ( - Paste `Redirect URI` copied in step above into `Allowed Callback URLs` field)
[//]: # ( - `Save`)
### NocoDB, Configure Auth0 as an Identity Provider
1. Go to `Account Settings` > `Authentication` > `SAML`
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well
3. `Save`
![SAML SSO Configuration](/img/v2/account-settings/SAML-4.png)
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
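Review bot: the navigation path in the final section, `Account Settings` > `Authentication` > `SAML`, does not match the `Authentication (SSO)` menu name used in the first section of this page and in the Okta SAML page; align them. The commented-out block of old step 3 (`Allowed Callback URLs`) looks like leftover draft text and can be dropped. The `nameIdentifierProbes` value is given twice, inline and as a JSON block; keeping only the JSON block would read better.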

59
packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/030.ping-identity.md

@ -0,0 +1,59 @@
---
title: 'Ping Identity'
description: 'Learn how to configure Ping Identity as an identity provider for NocoDB.'
tags: ['SSO', 'Ping Identity', 'SAML']
keywords: ['SSO', 'Ping Identity', 'SAML', 'Authentication', 'Identity Provider']
---
This article briefs about the steps to configure Auth0 as Identity service provider for NocoDB
### NocoDB, Retrieve `SAML SSO` Configuration details
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider
![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png)
### Ping Identity, Configure NocoDB as an Application
1. Access your [PingOne account](https://www.pingidentity.com/en/account/sign-on.html) and navigate to the homepage.
2. Click on `Add Environment` from the top right corner.
3. On the `Create Environment` screen,
- Opt for `Build your own solution`
- In the `Select solution(s) for your Environment` section, select `PingOne SSO` from `Cloud Services`
- Click `Next`
- Provide a name and description for the environment,
- Click `Next`
4. Access the newly created environment and go to `Connections` > `Applications` from the sidebar.
5. Within the Applications homepage, initiate the creation of a new application by clicking the "+" icon.
6. On the "Add Application" panel:
- Input the application name and description.
- Choose "SAML Application" as the Application Type and click "Configure."
- Within the SAML Configuration panel, opt for "Manually Enter."
- Populate the `ACS URLs` field with the `Redirect URL` retrieved from step (2) above
- Insert the `Audience URI` retrieved above in step (2) in the `Entity ID` field
- `Save`
7. In your application,
- Navigate to the `Configurations` tab
- Copy the `IDP Metadata URL`
8. On your application panel, activate user access to the application by toggling the switch in the top right corner.
### NocoDB, Configure Ping Identity as an Identity Provider
1. Go to `Account Settings` > `Authentication` > `SAML`
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well
3. `Save`
![SAML SSO Configuration](/img/v2/account-settings/SAML-4.png)
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
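Review bot: the opening sentence says "configure Auth0 as Identity service provider", a copy-paste from the Auth0 page; it should name Ping Identity. In step 6, `Redirect URL` and `Audience URI` are said to come "from step (2) above", but step 2 of the first section is "Select `Authentication (SSO)`"; the values are retrieved in step 5, and that step labels the second one `Audience / Entity ID`. Step 6 also switches from backticks to double quotes for UI labels.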

63
packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/040.azure-ad.md

@ -0,0 +1,63 @@
---
title: 'Azure AD (Entra)'
description: 'Learn how to configure Active Directory as an identity provider for NocoDB.'
tags: ['SSO', 'Active Directory', 'SAML']
keywords: ['SSO', 'Active Directory', 'SAML', 'Authentication', 'Identity Provider']
---
This article briefs about the steps to configure Active Directory as Identity service provider for NocoDB
### NocoDB, Retrieve `SAML SSO` Configuration details
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider
![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png)
### Azure AD, Configure NocoDB as an Application
1. Sign in to your [Azure account](https://portal.azure.com/#allservices) and navigate to `Microsoft Entra admin center` > `Identity` > `Enterprise applications`
2. Click `+ New application`
3. On the `Browse Microsoft Entra Gallery` page, select `Create your own application` from the navigation bar.
a. Provide your application's name.
b. Choose `Integrate any other application you don't find in the gallery (Non-gallery)`
c. `Create`
4. On your application page, navigate to `Manage` > `Single sign-on` > `SAML`
5. Go to the `Basic SAML Configuration` section under `Set up Single Sign-On with SAML` and click `Edit`
a. Add the `Audience URI` under `Identifier (Entity ID)`.
b. Add the `Redirect URL` under `Replay URL (Assertion Consumer Service URL)`.
c. Click `Save`
6. In the `Attributes & Claims` section, click `Edit`
a. Edit the "Unique User Identifier (Name ID)" claim:
- Select `Email address` from the `Name identifier format` dropdown
- Choose `Attribute` as the `Source`
- In the `Source attribute`, select `user.mail`
- Click `Save`
[//]: # ( b. &#40;Optional&#41; For custom claims:)
[//]: # ( - Click Add new claim, provide details, and save.)
[//]: # ( - Ensure the claim is visible in the Additional claims section.)
[//]: # ( - Copy the claim name for later use in NocoDB SAML configurations.)
7. Go to the `SAML Certificates` section and copy the `App Federation Metadata URL`
8. on the Application's Overview page,
- Click `Users and groups`,
- Add the necessary users or groups to the application.
### NocoDB, Configure Azure AD as an Identity Provider
1. Go to `Account Settings` > `Authentication` > `SAML`
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well
3. `Save`
![SAML SSO Configuration](/img/v2/account-settings/SAML-4.png)
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
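Review bot: in step 5b the field is written as `Replay URL (Assertion Consumer Service URL)`; the portal label is `Reply URL`, and "Replay" is an unfortunate typo on a SAML page. The title says 'Azure AD (Entra)' while the description, tags and intro say "Active Directory", which is a different product; use the Azure AD / Entra name throughout. The commented-out custom-claims block contains HTML entities (`&#40;Optional&#41;`) and should be cleaned up or removed, and step 8 starts with a lowercase "on".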

59
packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/050.keycloak.md

@ -0,0 +1,59 @@
---
title: 'Keycloak'
description: 'Learn how to configure Keycloak as an identity provider for NocoDB.'
tags: ['SSO', 'Keycloak', 'SAML']
keywords: ['SSO', 'Keycloak', 'SAML', 'Authentication', 'Identity Provider']
---
This article briefs about the steps to configure Keycloak as Identity service provider for NocoDB
### NocoDB, Retrieve `SAML SSO` Configuration details
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider
![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png)
### Keycloak, Configure NocoDB as an Application
1. Access your Keycloak account
- navigate to `Clients` menu
- select `Clients list` tab > Click `Create client` button.
2. In the `Create Client` modal, `General Settings` tab:
- Select `SAML` as the `Client type`
- Specify `Audience/Entity ID` retrieved from NocoDB as the `Client ID`
- Click `Next`
3. In the `Create Client` modal, `Login Settings` tab,
- Specify `Redirect URL` retrieved from NocoDB as the `Valid Redirect URIs`
- Specify `Redirect URL` retrieved from NocoDB as the `Valid post logout redirect URIs`
- Click `Save`
4. On the `Client details`, `Settings` tab,
- navigate to `SAML Capabilities` section
- Specify `Name ID format` as `email`
- Enable `Force Name ID Format` and `Force POST Binding`
- navigate to `Signature and Encryption` section
- Enable `Sign Assertions`
- Click `Save`
5. On the `Client details`, `Keys` tab,
- Disable `Signing keys config` > `Client Signature Required`
6. Navigate to `Realm Settings` > `Endpoints`
- Copy `SAML 2.0 Identity Provider Metadata` URL
### NocoDB, Configure Azure AD as an Identity Provider
1. Go to `Account Settings` > `Authentication` > `SAML`Key
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well
3. `Save`
![SAML SSO Configuration](/img/v2/account-settings/SAML-4.png)
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
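Review bot: the last section heading reads "NocoDB, Configure Azure AD as an Identity Provider" on the Keycloak page, and its step 1 ends with a stray "Key" after `SAML`; both look like copy-paste damage. Step 5 tells the reader to disable `Client Signature Required` without saying why; since step 4 enables `Sign Assertions`, a sentence explaining why request signing is turned off would help administrators judge the setting. Step 1 opens with "Access your Keycloak account" with no link or hint that this means the admin console of the reader's own deployment.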

8
packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/_category_.json

@ -0,0 +1,8 @@
{
"label": "SAML",
"collapsible": true,
"collapsed": true,
"link": {
"type": "generated-index"
}
}

63
packages/noco-docs/docs/140.account-settings/030.authentication/040.OIDC-SSO/010.okta.md

@ -0,0 +1,63 @@
---
title: 'Okta'
description: 'Learn how to configure Okta as an identity provider for NocoDB.'
tags: ['SSO', 'Okta', 'OIDC']
keywords: ['SSO', 'Okta', 'OIDC', 'Authentication', 'Identity Provider']
---
This article briefs about the steps to configure Okta as Identity service provider for NocoDB
### NocoDB, Retrieve `Redirect URL`
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL`; this information will be required to be configured later with the Identity Provider
![OIDC SSO Configuration](/img/v2/account-settings/SSO-1.png)
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-2.png)
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-3.png)
### Okta, Configure NocoDB as an Application
1. Sign in to your [Okta account](https://www.okta.com/) and navigate to the "Get started with Okta" page.
- Click on `Add App` for the Single Sign-On option.
- On the `Browse App Integration Catalog` page, select `Create New App`
2. In the pop-up with title `Create a new app integration`
- Choose `OIDC - OpenID Connect` as the Sign-in method
- Choose `Web Application` as the Application type
3. Go to `General Settings` on the `New Web App Integration` page
- Provide your application's name.
- From the Options in the `Grant type allowed` section, select `Authorization Code` and `Refresh Token`
- Add the `Redirect URL` under `Sign-in redirect URIs`.
- From the `Assignments section`, select an option from `Controlled access` to set up the desired accessibility configuration for this application.
- `Save`
4. On your new application,
- Go to the `General` tab
- Copy the `Client ID` and `Client Secret` from the `Client Credentials` section.
5. From `Account` dropdown in navigation bar
- Copy `Okta Domain`
6. Append "./well-known/openid-configuration" to the `Okta Domain` URL & access it
- Example: https://dev-123456.okta.com/.well-known/openid-configuration
- Copy `authorization_endpoint`, `token_endpoint`, `userinfo_endpoint` & `jwks_uri` from the JSON response
### NocoDB, Configure Okta as an Identity Provider
In NocoDB, open `Account Settings` > `Authentication` > `OIDC`. On the "Register OIDC Identity Provider" modal, insert the following information:
- Insert `Client ID` retrieved in step (6) above as `Client ID`
- Insert `Client Secret` retrieved in step (6) above as `Client Secret`
- Insert `authorization_endpoint` retrieved in step (8) above as `Authorization URL`
- Insert `token_endpoint` retrieved in step (8) above as `Token URL`
- Insert `userinfo_endpoint` retrieved in step (8) above as `Userinfo URL`
- Insert `jwks_uri` retrieved in step (8) above as `JWK Set URL`
- Set `Scope` as `openid` `profile` `email` `offline_access`
- In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email."
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
For information about Okta API Scopes, refer [here](https://developer.okta.com/docs/reference/api/oidc/#scopes)
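Review bot: step 6 says to append "./well-known/openid-configuration", but the example on the next line uses `/.well-known/openid-configuration`; the dot and slash are transposed in the instruction. The final section refers to "step (6)" for `Client ID`/`Client Secret` and "step (8)" for the endpoints, while the Okta section copies them in steps 4 and 6 and has no step 8. The sign-in image alt text says "SAML SSO Configuration" on an OIDC page.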

56
packages/noco-docs/docs/140.account-settings/030.authentication/040.OIDC-SSO/020.auth0.md

@ -0,0 +1,56 @@
---
title: 'Auth0'
description: 'Learn how to configure Auth0 as an identity provider for NocoDB.'
tags: ['SSO', 'Auth0', 'OIDC']
keywords: ['SSO', 'Auth0', 'OIDC', 'Authentication', 'Identity Provider']
---
This article briefs about the steps to configure Auth0 as Identity service provider for NocoDB
### NocoDB, Retrieve `Redirect URL`
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL`; this information will be required to be configured later with the Identity Provider
![OIDC SSO Configuration](/img/v2/account-settings/SSO-1.png)
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-2.png)
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-3.png)
### Auth0, Configure NocoDB as an Application
1. Access your [Auth0 account](https://auth0.com/)
- navigate to `Applications` > `Create Application`.
2. In the `Create Application` modal,
- choose `Regular Web Application`
- click `Create`
3. On Quick start screen, go to `Settings` tab
- Copy the `Client ID` and `Client Secret` from the `Basic Information` section.
4. Goto `Application URIs` section
- Add the `Redirect URL` copied from step(2) under `Allowed Callback URLs`.
- `Save Changes`
5. On the `Settings` tab, go to the `Advanced Settings` section and click on the `Endpoints` tab.
- Copy the `OAuth Authorization URL`, `OAuth Token URL`, `OAuth User Info URL` & `JSON Web Key Set URL`
### NocoDB, Configure Auth0 as an Identity Provider
1. In NocoDB, open `Account Settings` > `Authentication` > `OIDC`. On the "Register OIDC Identity Provider" modal, insert the following information:
- Insert `Client ID` retrieved in step (5) above as `Client ID`
- Insert `Client Secret` retrieved in step (5) above as `Client Secret`
- Insert `OAuth Authorization URL` retrieved in step (7) above as `Authorization URL`
- Insert `OAuth Token URL` retrieved in step (7) above as `Token URL`
- Insert `OAuth User Info URL` retrieved in step (7) above as `Userinfo URL`
- Insert `JSON Web Key Set URL` retrieved in step (7) above as `JWK Set URL`
- Set `Scope` as `openid` `profile` `email` `offline_access`
- In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email."
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
For information about Auth0 API Scopes, refer [here](https://auth0.com/docs/secure/tokens/refresh-tokens)
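Review bot: the step references in the final section do not match the numbering above: `Client ID`/`Client Secret` are cited as "step (5)" but copied in step 3, the endpoint URLs as "step (7)" but copied in step 5, and step 4 cites "step(2)" for the `Redirect URL`, which is retrieved in step 5 of the first section. The closing line is labelled "Auth0 API Scopes" but links to the refresh-tokens page; either change the label or link to the scopes documentation. "Goto" in step 4 should be "Go to".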

69
packages/noco-docs/docs/140.account-settings/030.authentication/040.OIDC-SSO/030.ping-identity.md

@ -0,0 +1,69 @@
---
title: 'Ping Identity'
description: 'Learn how to configure Ping Identity as an identity provider for NocoDB.'
tags: ['SSO', 'Ping Identity', 'OIDC']
keywords: ['SSO', 'Ping Identity', 'OIDC', 'Authentication', 'Identity Provider']
---
This article briefs about the steps to configure Ping Identity as Identity service provider for NocoDB
### NocoDB, Retrieve `Redirect URL`
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL`; this information will be required to be configured later with the Identity Provider
![OIDC SSO Configuration](/img/v2/account-settings/SSO-1.png)
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-2.png)
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-3.png)
### Ping Identity, Configure NocoDB as an Application
1. Access your [PingOne account](https://www.pingidentity.com/en/account/sign-on.html) and navigate to the homepage.
2. Click on `Add Environment` from the top right corner.
3. On the `Create Environment` screen,
- Opt for `Build your own solution`
- In the `Select solution(s) for your Environment` section, select `PingOne SSO` from `Cloud Services`
- Click `Next`
- Provide a name and description for the environment,
- Click `Next`
4. Access the newly created environment and go to `Connections` > `Applications` from the sidebar.
5. Within the Applications homepage, initiate the creation of a new application by clicking the "+" icon.
6. On the "Add Application" panel:
- Input the application name and description.
- Choose "OIDC Web App" as the Application Type and click "Configure"
7. From your application,
- Go to `Configurations` tab
- Click on `Edit` button
- Check `Refresh Token` option
- Copy `Authorization URL`, `Token URL`, `Userinfo URL` & `JWK Set URL` from the `Endpoints` section
- From `Generals` dropdown, copy `Client ID` & `Client Secret`
- `Save`
8. From `Resources` tab,
- Click `Edit`
- Select `openid` `profile` `email` from `Scopes`
9. Switch toggle button in the top right corner to `On` to activate the application.
### NocoDB, Configure Ping Identity as an Identity Provider
1. In NocoDB, open `Account Settings` > `Authentication` > `OIDC`. On the "Register OIDC Identity Provider" modal, insert the following information:
- Insert `Client ID` retrieved in step (9) above as `Client ID`
- Insert `Client Secret` retrieved in step (9) above as `Client Secret`
- Insert `Authorization URL` retrieved in step (9) above as `Authorization URL`
- Insert `Token URL` retrieved in step (9) above as `Token URL`
- Insert `Userinfo URL` retrieved in step (9) above as `Userinfo URL`
- Insert `JWK Set URL` retrieved in step (9) above as `JWK Set URL`
- Set `Scope` as `openid` `profile` `email` `offline_access`
- In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email."
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
For information about Ping Identity API Scopes, refer [here](https://docs.pingidentity.com/r/en-us/pingone/pingone_t_edit_scopes_for_an_application)
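Review bot: Every item under "NocoDB, Configure Ping Identity as an Identity Provider" says "retrieved in step (9) above", but step 9 only switches the application on; the endpoint URLs, `Client ID` and `Client Secret` are copied in step 7, so these references should read step (7). The same list sets `Scope` to `openid` `profile` `email` `offline_access` while step 8 selects only `openid` `profile` `email` on the PingOne side; state whether checking `Refresh Token` in step 7 is what covers `offline_access`, or add it to step 8 if it has to be selected there. The sign-in screenshot alt text `SAML SSO Configuration` should say OIDC.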

76
packages/noco-docs/docs/140.account-settings/030.authentication/040.OIDC-SSO/040.azure-ad.md

@ -0,0 +1,76 @@
---
title: 'Azure AD (Entra)'
description: 'Learn how to configure Azure AD as an identity provider for NocoDB.'
tags: ['SSO', 'Azure AD', 'OIDC']
keywords: ['SSO', 'Azure AD', 'OIDC', 'Authentication', 'Identity Provider']
---
This article briefs about the steps to configure Azure AD as Identity service provider for NocoDB
### NocoDB, Retrieve `Redirect URL`
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL`; this information will be required to be configured later with the Identity Provider
![OIDC SSO Configuration](/img/v2/account-settings/SSO-1.png)
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-2.png)
![OIDC SSO Configuration](/img/v2/account-settings/OIDC-3.png)
### Azure AD, Configure NocoDB as an Application
1. Sign in to your [Azure account](https://portal.azure.com/#allservices) and navigate to `Azure Active Directory` under `Azure Services`.
2. Access `Manage Tenants` from the navigation bar, select your directory, and click `Switch`.
3. On your directory's homepage, click `+ Add` > `App Registration` from the navigation bar.
4. On the `Register an application` page,
- Provide your application's name.
- Set `Accounts in this organizational directory only` as the `Supported account types`.
- Choose `Web` as the Application type
- Add the `Redirect URL` under `Redirect URIs`.
- `Register`
5. On your application's homepage,
- Copy the `Application (client) ID`
- Click `Add a certificate or secret` under `Client credentials` section
- On `Certificates & secrets` page, go to `Client secrets` section
- Click `New client secret`
- On `Add a client secret` page,
- Add a description for the secret
- Set expiration as required
- `Add`
- Copy the `Value` of the newly created secret
6. On your application's homepage,
- Go to `Endpoints` tab
- Open `OpenID Connect metadata document` URL & copy `authorization_endpoint`, `token_endpoint`, `userinfo_endpoint` & `jwks_uri` from the JSON response
7. Configuring scopes
- Go to `API permissions` tab
- Click `Add a permission`
- On `Request API permissions` page,
- Select `Microsoft Graph` from `Microsoft APIs`
- Select `Delegated permissions`
- Select `openid` `profile` `email` `offline_access` from `Select permissions` dropdown
- From `Users` dropdown, select `User.Read`
- `Add permissions`
- Click `Grant admin consent for this directory` from the `API permissions` page
### NocoDB, Configure Azure AD as an Identity Provider
On NocoDB, open `Account Settings` > `Authentication` > `OIDC`. On the "Register OIDC Identity Provider" modal, insert the following information:
- Insert `Application (client) ID` retrieved in step (7) above as `Client ID`
- Insert `Value` of the newly created secret retrieved in step (7) above as `Client Secret`
- Insert `authorization_endpoint` retrieved in step (8) above as `Authorization URL`
- Insert `token_endpoint` retrieved in step (8) above as `Token URL`
- Insert `userinfo_endpoint` retrieved in step (8) above as `Userinfo URL`
- Insert `jwks_uri` retrieved in step (8) above as `JWK Set URL`
- Set `Scope` as `openid` `profile` `email` `offline_access`
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
For information about Azure AD API Scopes, refer [here](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#offline_access)
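Review bot: The step references under "NocoDB, Configure Azure AD as an Identity Provider" do not match the numbering above: `Application (client) ID` and the secret `Value` are copied in step 5, not step (7), and the four endpoints come from the metadata document in step 6, not step (8); the Azure section has no step 8. This page also drops the Username Attribute item that the Ping Identity page lists after `Scope`, so it is unclear which claim is read as the user's email here. Next to "Set expiration as required" in step 5, add a line saying that the `Client Secret` stored in NocoDB has to be replaced when the Azure secret expires, since the sign-in flow depends on it.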

8
packages/noco-docs/docs/140.account-settings/030.authentication/040.OIDC-SSO/_category_.json

@ -0,0 +1,8 @@
{
"label": "OpenID Connect",
"collapsible": true,
"collapsed": true,
"link": {
"type": "generated-index"
}
}

8
packages/noco-docs/docs/140.account-settings/030.authentication/_category_.json

@ -0,0 +1,8 @@
{
"label": "Authentication ☁",
"collapsible": true,
"collapsed": true,
"link": {
"type": "generated-index"
}
}
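Review bot: The label `"Authentication ☁"` relies on a bare cloud glyph as the only marker that this section is cloud-only; the Ping Identity and Azure AD pages added in this change do not say so in their front matter or opening sentence. Spell the restriction out in words, in the label or at the top of each page, so it is visible in search results and to screen readers.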

0
packages/noco-docs/docs/140.account-settings/030.oss-specific-details.md → packages/noco-docs/docs/140.account-settings/040.oss-specific-details.md

BIN
packages/noco-docs/static/img/v2/account-settings/OIDC-2.png vendored

Binary file not shown.

Size: 190 KiB

BIN
packages/noco-docs/static/img/v2/account-settings/OIDC-3.png vendored

Binary file not shown.

Size: 146 KiB

BIN
packages/noco-docs/static/img/v2/account-settings/SAML-2.png vendored

Binary file not shown.

Size: 190 KiB

BIN
packages/noco-docs/static/img/v2/account-settings/SAML-3.png vendored

Binary file not shown.

Size: 186 KiB

BIN
packages/noco-docs/static/img/v2/account-settings/SAML-4.png vendored

Binary file not shown.

Size: 180 KiB

BIN
packages/noco-docs/static/img/v2/account-settings/SSO-1.png vendored

Binary file not shown.

Size: 202 KiB

BIN
packages/noco-docs/static/img/v2/account-settings/SSO-SignIn.png vendored

Binary file not shown.

Size: 111 KiB
