From f9854d8008cb985d1cd63aed114430f5f36c1025 Mon Sep 17 00:00:00 2001 From: Raju Udava <86527202+dstala@users.noreply.github.com> Date: Thu, 8 Feb 2024 07:24:37 +0000 Subject: [PATCH] docs: OIDC PI --- .../040.OIDC-SSO/030.ping-identity.md | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/packages/noco-docs/docs/140.account-settings/040.authentication/040.OIDC-SSO/030.ping-identity.md b/packages/noco-docs/docs/140.account-settings/040.authentication/040.OIDC-SSO/030.ping-identity.md index e69de29bb2..e2fac3575e 100644 --- a/packages/noco-docs/docs/140.account-settings/040.authentication/040.OIDC-SSO/030.ping-identity.md +++ b/packages/noco-docs/docs/140.account-settings/040.authentication/040.OIDC-SSO/030.ping-identity.md 
@@ -0,0 +1,56 @@ +--- +title: 'Ping Identity' +description: 'Learn how to configure Ping Identity as an identity provider for NocoDB.' +tags: ['SSO', 'Ping Identity', 'OIDC'] +keywords: ['SSO', 'Ping Identity', 'OIDC', 'Authentication', 'Identity Provider'] +--- + +This article briefs about the steps to configure Ping Identity as Identity service provider for NocoDB + +1. Enable `OIDC SSO` on NocoDB + - Go to `Account Settings` > `Authentication` + - Activate `OIDC` toggle button +2. Retrieve `Redirect URL` from NocoDB + - Go to `Account Settings` > `Authentication` > `OIDC` + - Note down `Redirect URL` ; these information will be required to be configured later with the Identity Provider +3. Access your [PingOne account](https://www.pingidentity.com/en/account/sign-on.html) and navigate to the homepage. +4. Click on `Add Environment` from the top right corner. +5. On the `Create Environment` screen, + - Opt for `Build your own solution` + - In the `Select solution(s) for your Environment` section, select `PingOne SSO` from `Cloud Services` + - Click `Next` + - Provide a name and description for the environment, + - Click `Next` +6. Access the newly created environment and go to `Connections` > `Applications` from the sidebar. +7. Within the Applications homepage, initiate the creation of a new application by clicking the "+" icon. +8. On the "Add Application" panel: + - Input the application name and description. + - Choose "OIDC Web App" as the Application Type and click "Configure" +9. From your application, + - Go to `Configurations` tab + - Click on `Edit` button + - Check `Refresh Token` option + - Copy `Authorization URL`, `Token URL`, `Userinfo URL` & `JWK Set URL` from the `Endpoints` section + - From `Generals` dropdown, copy `Client ID` & `Client Secret` + - `Save` +10. From `Resources` tab, + - Click `Edit` + - Select `openid` `profile` `email` from `Scopes` +11. Switch toggle button in the top right corner to `On` to activate the application. +12. 
In NocoDB, open `Account Settings` > `Authentication` > `OIDC` + - Insert `Client ID` retrieved in step (9) above as `Client ID` + - Insert `Client Secret` retrieved in step (9) above as `Client Secret` + - Insert `Authorization URL` retrieved in step (9) above as `Authorization URL` + - Insert `Token URL` retrieved in step (9) above as `Token URL` + - Insert `Userinfo URL` retrieved in step (9) above as `Userinfo URL` + - Insert `JWK Set URL` retrieved in step (9) above as `JWK Set URL` + - Set `Scope` as `openid` `profile` `email` `offline_access` +13. In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email." + +For Sign-in's, user should be able to now see `Sign in with ` option. + +:::note +Post sign-out, refresh page (for the first time) if you do not see `Sign in with ` option +::: + +For information about Ping Identity API Scopes, refer [here](https://docs.pingidentity.com/r/en-us/pingone/pingone_t_edit_scopes_for_an_application) \ No newline at end of file
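Review bot: Step 2 has the reader note the `Redirect URL` because it "will be required to be configured later with the Identity Provider", but none of steps 3 to 11 says where to enter it in PingOne. Step 9's `Configurations` edit only covers `Refresh Token` and copying the endpoints and credentials. Please add a sub-step under step 9 for entering the Redirect URL in the application's configuration, so that the value collected in step 2 is actually used. Second, the scopes do not match between the two sides: step 10 selects `openid` `profile` `email` in PingOne, while step 12 sets the NocoDB `Scope` to `openid` `profile` `email` `offline_access`. Either add `offline_access` to step 10 or state why it is requested only on the NocoDB side (step 9 enables `Refresh Token`, which may be the intended link, but the text does not say so). Third, "`Sign in with ` option" appears twice, in the sign-in sentence and in the `:::note` block, with nothing after "with"; a placeholder for the provider display name seems to have been dropped. Since step 9 has the reader copy the `Client Secret`, a short line on treating it as a credential would fit there. Minor: "these information" in step 2 should be "this information", the intro sentence lacks a closing period, and the file ends without a trailing newline.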