mirror of https://github.com/nocodb/nocodb
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2.5 KiB
2.5 KiB
title | description | tags | keywords |
---|---|---|---|
Keycloak | Learn how to configure Keycloak as an identity provider for NocoDB. | [SSO Keycloak SAML] | [SSO Keycloak SAML Authentication Identity Provider] |
This article briefs about the steps to configure Keycloak as Identity service provider for NocoDB
NocoDB, Retrieve SAML SSO
Configuration details
- Go to
Account Settings
- Select
Authentication (SSO)
- Click on
New Provider
button - On the Popup modal, Specify a
Display name
for the provider; note that, this name will be used to display the provider on the login page - Retrieve
Redirect URL
&Audience / Entity ID
; these information will be required to be configured later with the Identity Provider
Keycloak, Configure NocoDB as an Application
- Access your Keycloak account
- navigate to
Clients
menu - select
Clients list
tab > ClickCreate client
button.
- navigate to
- In the
Create Client
modal,General Settings
tab:- Select
SAML
as theClient type
- Specify
Audience/Entity ID
retrieved from NocoDB as theClient ID
- Click
Next
- Select
- In the
Create Client
modal,Login Settings
tab,- Specify
Redirect URL
retrieved from NocoDB as theValid Redirect URIs
- Specify
Redirect URL
retrieved from NocoDB as theValid post logout redirect URIs
- Click
Save
- Specify
- On the
Client details
,Settings
tab,- navigate to
SAML Capabilities
section - Specify
Name ID format
asemail
- Enable
Force Name ID Format
andForce POST Binding
- navigate to
Signature and Encryption
section - Enable
Sign Assertions
- Click
Save
- navigate to
- On the
Client details
,Keys
tab,- Disable
Signing keys config
>Client Signature Required
- Disable
- Navigate to
Realm Settings
>Endpoints
- Copy
SAML 2.0 Identity Provider Metadata
URL
- Copy
NocoDB, Configure Azure AD as an Identity Provider
- Go to
Account Settings
>Authentication
>SAML
Key - Insert
Metadata URL
retrieved in step above; alternatively you can configure XML directly as well Save
For Sign-in's, user should be able to now see Sign in with <SSO>
option.
:::note
Post sign-out, refresh page (for the first time) if you do not see Sign in with <SSO>
option
:::