Product Docs
Self Hosting
Scripts ☁
Changelog (EE)

Azure AD (Entra)

Learn how to configure Active Directory as an identity provider for NocoDB.

For SSO Access - please reach out to sales team

This article briefs about the steps to configure Active Directory as Identity service provider for NocoDB

For users on Business plan, the SSO configuration menu is available under Workspace Settings. Refer here for more details.
Domain Verification Required for Cloud Plans: Before configuring SAML SSO, you must verify your domain in NocoDB (required for both Business and Enterprise plans in the cloud). Only users with email addresses from verified domains can sign in via SSO. See Domain Verification for details.

NocoDB, Retrieve SAML SSO Configuration details

  1. Go to Account Settings
  2. Select Authentication (SSO)
  3. Click on New Provider button
  4. On the Popup modal, Specify a Display name for the provider; note that, this name will be used to display the provider on the login page
  5. Retrieve Redirect URL & Audience / Entity ID; these information will be required to be configured later with the Identity Provider

SAML SSO Configuration SAML SSO Configuration SAML SSO Configuration

Azure AD, Configure NocoDB as an Application

  1. Sign in to your Azure account and navigate to Microsoft Entra admin center > Identity > Enterprise applications
  2. Click + New application
  3. On the Browse Microsoft Entra Gallery page, select Create your own application from the navigation bar.
    • Provide your application's name.
    • Choose Integrate any other application you don't find in the gallery (Non-gallery)
    • Create
  4. On your application page, navigate to Manage > Single sign-on > SAML
  5. Go to the Basic SAML Configuration section under Set up Single Sign-On with SAML and click Edit
    • Add the Audience URI under Identifier (Entity ID).
    • Add the Redirect URL under Replay URL (Assertion Consumer Service URL).
    • Click Save
  6. In the Attributes & Claims section, click Edit
    • Edit the "Unique User Identifier (Name ID)" claim:
      • Select Email address from the Name identifier format dropdown
      • Choose Attribute as the Source
      • In the Source attribute, select user.mail
      • Click Save
  7. Go to the SAML Certificates section and copy the App Federation Metadata URL
  8. on the Application's Overview page,
    • Click Users and groups,
    • Add the necessary users or groups to the application.

NocoDB, Configure Azure AD as an Identity Provider

  1. Go to Account Settings > Authentication > SAML
  2. Insert Metadata URL retrieved in step above; alternatively you can configure XML directly as well
  3. Save

SAML SSO Configuration

For Sign-in's, user should be able to now see Sign in with <SSO> option.

SAML SSO Configuration

Post sign-out, refresh page (for the first time) if you do not see Sign in with SSO option

For more common questions and troubleshooting, see our SSO FAQ.
Tags:SSOActive DirectorySAML

Okta

Learn how to configure Okta as an identity provider for NocoDB.

Auth0

Learn how to configure Auth0 as an identity provider for NocoDB.