3.8 KiB
title | description | tags | keywords |
---|---|---|---|
Azure AD (Entra) | Learn how to configure Azure AD as an identity provider for NocoDB. | [SSO Azure AD OIDC] | [SSO Azure AD OIDC Authentication Identity Provider] |
This article briefs about the steps to configure Azure AD as Identity service provider for NocoDB
NocoDB, Retrieve Redirect URL
- Go to
Account Settings
- Select
Authentication (SSO)
- Click on
New Provider
button - On the Popup modal, Specify a
Display name
for the provider; note that, this name will be used to display the provider on the login page - Retrieve
Redirect URL
; this information will be required to be configured later with the Identity Provider
Azure AD, Configure NocoDB as an Application
- Sign in to your Azure account and navigate to
Azure Active Directory
underAzure Services
. - Access
Manage Tenants
from the navigation bar, select your directory, and clickSwitch
. - On your directory's homepage, click
+ Add
>App Registration
from the navigation bar. - On the
Register an application
page,- Provide your application's name.
- Set
Accounts in this organizational directory only
as theSupported account types
. - Choose
Web
as the Application type - Add the
Redirect URL
underRedirect URIs
. Register
- On your application's homepage,
- Copy the
Application (client) ID
- Click
Add a certificate or secret
underClient credentials
section - On
Certificates & secrets
page, go toClient secrets
section - Click
New client secret
- On
Add a client secret
page,- Add a description for the secret
- Set expiration as required
Add
- Copy the
Value
of the newly created secret
- Copy the
- On your application's homepage,
- Go to
Endpoints
tab - Open
OpenID Connect metadata document
URL & copyauthorization_endpoint
,token_endpoint
,userinfo_endpoint
&jwks_uri
from the JSON response
- Go to
- Configuring scopes
- Go to
API permissions
tab - Click
Add a permission
- On
Request API permissions
page,- Select
Microsoft Graph
fromMicrosoft APIs
- Select
Delegated permissions
- Select
openid
profile
email
offline_access
fromSelect permissions
dropdown - From
Users
dropdown, selectUser.Read
Add permissions
- Select
- Click
Grant admin consent for this directory
from theAPI permissions
page
- Go to
NocoDB, Configure Azure AD as an Identity Provider
On NocoDB, open Account Settings
> Authentication
> OIDC
. On the "Register OIDC Identity Provider" modal, insert the following information:
- Insert Application (client) ID
retrieved in step (7) above as Client ID
- Insert Value
of the newly created secret retrieved in step (7) above as Client Secret
- Insert authorization_endpoint
retrieved in step (8) above as Authorization URL
- Insert token_endpoint
retrieved in step (8) above as Token URL
- Insert userinfo_endpoint
retrieved in step (8) above as Userinfo URL
- Insert jwks_uri
retrieved in step (8) above as JWK Set URL
- Set Scope
as openid
profile
email
offline_access
For Sign-in's, user should be able to now see Sign in with <SSO>
option.
:::note
Post sign-out, refresh page (for the first time) if you do not see Sign in with <SSO>
option
:::
For information about Azure AD API Scopes, refer here