--- title: 'Keycloak' description: 'Learn how to configure Keycloak as an identity provider for NocoDB.' tags: ['SSO', 'Keycloak', 'SAML'] keywords: ['SSO', 'Keycloak', 'SAML', 'Authentication', 'Identity Provider'] --- :::info For SSO Access - please reach [**out to sales team**](https://calendly.com/nocodb). ::: This article briefs about the steps to configure Keycloak as Identity service provider for NocoDB ### NocoDB, Retrieve `SAML SSO` Configuration details 1. Go to `Account Settings` 2. Select `Authentication (SSO)` 3. Click on `New Provider` button 4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page 5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider ![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png) ![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png) ![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png) ### Keycloak, Configure NocoDB as an Application 1. Access your Keycloak account - navigate to `Clients` menu - select `Clients list` tab > Click `Create client` button. 2. In the `Create Client` modal, `General Settings` tab: - Select `SAML` as the `Client type` - Specify `Audience/Entity ID` retrieved from NocoDB as the `Client ID` - Click `Next` 3. In the `Create Client` modal, `Login Settings` tab, - Specify `Redirect URL` retrieved from NocoDB as the `Valid Redirect URIs` - Specify `Redirect URL` retrieved from NocoDB as the `Valid post logout redirect URIs` - Click `Save` 4. On the `Client details`, `Settings` tab, - navigate to `SAML Capabilities` section - Specify `Name ID format` as `email` - Enable `Force Name ID Format` and `Force POST Binding` - navigate to `Signature and Encryption` section - Enable `Sign Assertions` - Click `Save` 5. On the `Client details`, `Keys` tab, - Disable `Signing keys config` > `Client Signature Required` 6. Navigate to `Realm Settings` > `Endpoints` - Copy `SAML 2.0 Identity Provider Metadata` URL ### NocoDB, Configure Azure AD as an Identity Provider 1. Go to `Account Settings` > `Authentication` > `SAML`Key 2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well 3. `Save` ![SAML SSO Configuration](/img/v2/account-settings/SAML-4.png) For Sign-in's, user should be able to now see `Sign in with ` option. ![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png) :::note Post sign-out, refresh page (for the first time) if you do not see `Sign in with ` option :::