Product Docs
Self Hosting
Scripts ☁
Changelog (EE)

Azure AD (Entra)

Learn how to configure Azure AD as an identity provider for NocoDB.

Please reach out to sales for SSO access

This article briefs about the steps to configure Azure AD as Identity service provider for NocoDB

For users on Business plan, the SSO configuration menu is available under Workspace Settings. Refer here for more details.
Domain Verification Required for Cloud Plans: Before configuring OIDC SSO, you must verify your domain in NocoDB (required for both Business and Enterprise plans in the cloud). Only users with email addresses from verified domains can sign in via SSO. See Domain Verification for details.

NocoDB, Retrieve Redirect URL

  1. Go to Account Settings
  2. Select Authentication (SSO)
  3. Click on New Provider button
  4. On the Popup modal, Specify a Display name for the provider; note that, this name will be used to display the provider on the login page
  5. Retrieve Redirect URL; this information will be required to be configured later with the Identity Provider

OIDC SSO Configuration OIDC SSO Configuration OIDC SSO Configuration

Azure AD, Configure NocoDB as an Application

  1. Sign in to your Azure account and navigate to Azure Active Directory under Azure Services.
  2. Access Manage Tenants from the navigation bar, select your directory, and click Switch.
  3. On your directory's homepage, click + Add > App Registration from the navigation bar.
  4. On the Register an application page,
    • Provide your application's name.
    • Set Accounts in this organizational directory only as the Supported account types.
    • Choose Web as the Application type
    • Add the Redirect URL under Redirect URIs.
    • Register
  5. On your application's homepage,
    • Copy the Application (client) ID
    • Click Add a certificate or secret under Client credentials section
    • On Certificates & secrets page, go to Client secrets section
    • Click New client secret
    • On Add a client secret page,
      • Add a description for the secret
      • Set expiration as required
      • Add
    • Copy the Value of the newly created secret
  6. On your application's homepage,
    • Go to Endpoints tab
    • Open OpenID Connect metadata document URL & copy authorization_endpoint, token_endpoint, userinfo_endpoint & jwks_uri from the JSON response
  7. Configuring scopes
    • Go to API permissions tab
    • Click Add a permission
    • On Request API permissions page,
      • Select Microsoft Graph from Microsoft APIs
      • Select Delegated permissions
      • Select openid profile email offline_access from Select permissions dropdown
      • From Users dropdown, select User.Read
      • Add permissions
    • Click Grant admin consent for this directory from the API permissions page

NocoDB, Configure Azure AD as an Identity Provider

On NocoDB, open Account Settings > Authentication > OIDC. On the "Register OIDC Identity Provider" modal, insert the following information:

  • Insert Application (client) ID retrieved in step (7) above as Client ID
  • Insert Value of the newly created secret retrieved in step (7) above as Client Secret
  • Insert authorization_endpoint retrieved in step (8) above as Authorization URL
  • Insert token_endpoint retrieved in step (8) above as Token URL
  • Insert userinfo_endpoint retrieved in step (8) above as Userinfo URL
  • Insert jwks_uri retrieved in step (8) above as JWK Set URL
  • Set Scope as openid profile email offline_access

For Sign-in's, user should be able to now see Sign in with <SSO> option.

SAML SSO Configuration

Post sign-out, refresh page (for the first time) if you do not see Sign in with SSO option

For more common questions and troubleshooting, see our SSO FAQ.

For information about Azure AD API Scopes, refer here

Tags:SSOAzure ADOIDC

Okta

Learn how to configure Okta as an identity provider for NocoDB.

Auth0

Learn how to configure Auth0 as an identity provider for NocoDB.