--- title: 'Okta' description: 'Learn how to configure Okta as an identity provider for NocoDB.' tags: ['SSO', 'Okta', 'OIDC'] keywords: ['SSO', 'Okta', 'OIDC', 'Authentication', 'Identity Provider'] --- :::warning SSO is available under private beta for self hosted enterprise customers. Please reach [**out to us**](https://calendly.com/nocodb) for early access. ::: This article briefs about the steps to configure Okta as Identity service provider for NocoDB ### NocoDB, Retrieve `Redirect URL` 1. Go to `Account Settings` 2. Select `Authentication (SSO)` 3. Click on `New Provider` button 4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page 5. Retrieve `Redirect URL`; this information will be required to be configured later with the Identity Provider ![OIDC SSO Configuration](/img/v2/account-settings/SSO-1.png) ![OIDC SSO Configuration](/img/v2/account-settings/OIDC-2.png) ![OIDC SSO Configuration](/img/v2/account-settings/OIDC-3.png) ### Okta, Configure NocoDB as an Application 1. Sign in to your [Okta account](https://www.okta.com/) and navigate to the "Get started with Okta" page. - Click on `Add App` for the Single Sign-On option. - On the `Browse App Integration Catalog` page, select `Create New App` 2. In the pop-up with title `Create a new app integration` - Choose `OIDC - OpenID Connect` as the Sign-in method - Choose `Web Application` as the Application type 3. Go to `General Settings` on the `New Web App Integration` page - Provide your application's name. - From the Options in the `Grant type allowed` section, select `Authorization Code` and `Refresh Token` - Add the `Redirect URL` under `Sign-in redirect URIs`. - From the `Assignments section`, select an option from `Controlled access` to set up the desired accessibility configuration for this application. - `Save` 4. On your new application, - Go to the `General` tab - Copy the `Client ID` and `Client Secret` from the `Client Credentials` section. 5. From `Account` dropdown in navigation bar - Copy `Okta Domain` 6. Append "./well-known/openid-configuration" to the `Okta Domain` URL & access it - Example: https://dev-123456.okta.com/.well-known/openid-configuration - Copy `authorization_endpoint`, `token_endpoint`, `userinfo_endpoint` & `jwks_uri` from the JSON response ### NocoDB, Configure Okta as an Identity Provider In NocoDB, open `Account Settings` > `Authentication` > `OIDC`. On the "Register OIDC Identity Provider" modal, insert the following information: - Insert `Client ID` retrieved in step (6) above as `Client ID` - Insert `Client Secret` retrieved in step (6) above as `Client Secret` - Insert `authorization_endpoint` retrieved in step (8) above as `Authorization URL` - Insert `token_endpoint` retrieved in step (8) above as `Token URL` - Insert `userinfo_endpoint` retrieved in step (8) above as `Userinfo URL` - Insert `jwks_uri` retrieved in step (8) above as `JWK Set URL` - Set `Scope` as `openid` `profile` `email` `offline_access` - In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email." For Sign-in's, user should be able to now see `Sign in with ` option. ![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png) :::note Post sign-out, refresh page (for the first time) if you do not see `Sign in with ` option ::: For information about Okta API Scopes, refer [here](https://developer.okta.com/docs/reference/api/oidc/#scopes)