
title: Keycloak
description: Learn how to configure Keycloak as an identity provider for NocoDB.
tags: [SSO Keycloak SAML]
keywords: [SSO Keycloak SAML Authentication Identity Provider]

:::warning
SSO is available under private beta for self-hosted enterprise customers. Please reach out to us for early access.
:::

This article describes the steps to configure Keycloak as the identity provider for NocoDB.

NocoDB, Retrieve SAML SSO Configuration details

  1. Go to Account Settings
  2. Select Authentication (SSO)
  3. Click on New Provider button
  4. In the popup modal, specify a Display name for the provider; note that this name will be used to display the provider on the login page
  5. Retrieve the Redirect URL & Audience / Entity ID; this information will need to be configured later with the Identity Provider


Keycloak, Configure NocoDB as an Application

  1. Access your Keycloak account
    • Navigate to the Clients menu
    • Select the Clients list tab > click the Create client button
  2. In the Create Client modal, General Settings tab:
    • Select SAML as the Client type
    • Specify Audience/Entity ID retrieved from NocoDB as the Client ID
    • Click Next
  3. In the Create Client modal, Login Settings tab,
    • Specify Redirect URL retrieved from NocoDB as the Valid Redirect URIs
    • Specify Redirect URL retrieved from NocoDB as the Valid post logout redirect URIs
    • Click Save
  4. On the Client details, Settings tab,
    • Navigate to the SAML Capabilities section
    • Specify Name ID format as email
    • Enable Force Name ID Format and Force POST Binding
    • Navigate to the Signature and Encryption section
    • Enable Sign Assertions
    • Click Save
  5. On the Client details, Keys tab,
    • Disable Signing keys config > Client Signature Required
  6. Navigate to Realm Settings > Endpoints
    • Copy SAML 2.0 Identity Provider Metadata URL
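
The client settings from the steps above can be checked against a JSON export of the client. The following is an added example, not part of the original guide or of NocoDB or Keycloak: the attribute keys are the ones Keycloak uses in client JSON, while `audit_client`, the sample export and the `nocodb.example.com` URLs are constructed placeholders.

```python
import json

# Placeholders for the two values NocoDB displays (constructed, not real URLs).
ENTITY_ID = "https://nocodb.example.com/sso/PLACEHOLDER/metadata"
REDIRECT_URL = "https://nocodb.example.com/sso/PLACEHOLDER/redirect"

# Attribute keys as used in Keycloak client JSON (assumed from Keycloak's
# export format), with the values the console steps above should produce.
EXPECTED_ATTRS = {
    "saml_name_id_format": "email",       # Name ID format
    "saml_force_name_id_format": "true",  # Force Name ID Format
    "saml.force.post.binding": "true",    # Force POST Binding
    "saml.assertion.signature": "true",   # Sign Assertions
    "saml.client.signature": "false",     # Client Signature Required (disabled)
}

# Constructed sample export, trimmed to the fields this check reads.
SAMPLE_EXPORT = json.dumps({
    "clientId": ENTITY_ID,
    "protocol": "saml",
    "redirectUris": [REDIRECT_URL],
    "attributes": {**EXPECTED_ATTRS, "post.logout.redirect.uris": REDIRECT_URL},
})


def audit_client(export_json, entity_id, redirect_url):
    """Return findings for a client export; an empty list means it matches."""
    client = json.loads(export_json)
    attrs = client.get("attributes") or {}
    findings = []
    if client.get("protocol") != "saml":
        findings.append("protocol is not saml")
    if client.get("clientId") != entity_id:
        findings.append("clientId differs from the NocoDB Audience / Entity ID")
    # Exact match only: wildcard or extra entries permit more destinations
    # than the single Redirect URL the steps configure.
    if client.get("redirectUris") != [redirect_url]:
        findings.append("redirectUris is not exactly the NocoDB Redirect URL")
    # Keycloak stores multiple post-logout URIs in one string joined by "##".
    logout = [u for u in attrs.get("post.logout.redirect.uris", "").split("##") if u]
    if logout != [redirect_url]:
        findings.append("post.logout.redirect.uris is not exactly the Redirect URL")
    for key, want in EXPECTED_ATTRS.items():
        if attrs.get(key) != want:
            findings.append(f"{key} is {attrs.get(key)!r}, expected {want!r}")
    return findings


if __name__ == "__main__":
    for line in audit_client(SAMPLE_EXPORT, ENTITY_ID, REDIRECT_URL) or ["OK"]:
        print(line)
```
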

NocoDB, Configure Keycloak as an Identity Provider

  1. Go to Account Settings > Authentication > SAMLKey
  2. Insert the Metadata URL retrieved in the step above; alternatively, you can configure the XML directly
  3. Save


For sign-in, the user should now be able to see the Sign in with <SSO> option.


:::note
Post sign-out, refresh the page (for the first time) if you do not see the Sign in with <SSO> option.
:::