nocodb/packages/noco-docs/docs/140.account-settings/030.authentication/030.SAML-SSO/050.keycloak.md at 13043a2b4e52d4795737bd29f2be3352ed00a023

clone/nocodb

mirror of https://github.com/nocodb/nocodb.git synced 2026-04-30 21:06:49 +00:00

Files

Naveen MR f228034052 docs : update docs related to SSO

2024-02-21 09:28:32 +00:00

title, description, tags, keywords

title

description

Go to Account Settings
Select Authentication (SSO)
Click on New Provider button
On the Popup modal, Specify a Display name for the provider; note that, this name will be used to display the provider on the login page
Retrieve Redirect URL & Audience / Entity ID; these information will be required to be configured later with the Identity Provider

Access your Keycloak account
- navigate to Clients menu
- select Clients list tab > Click Create client button.
In the Create Client modal, General Settings tab:
- Select SAML as the Client type
- Specify Audience/Entity ID retrieved from NocoDB as the Client ID
- Click Next
In the Create Client modal, Login Settings tab,
- Specify Redirect URL retrieved from NocoDB as the Valid Redirect URIs
- Specify Redirect URL retrieved from NocoDB as the Valid post logout redirect URIs
- Click Save
On the Client details, Settings tab,
- navigate to SAML Capabilities section
- Specify Name ID format as email
- Enable Force Name ID Format and Force POST Binding
- navigate to Signature and Encryption section
- Enable Sign Assertions
- Click Save
On the Client details, Keys tab,
- Disable Signing keys config > Client Signature Required
Navigate to Realm Settings > Endpoints
- Copy SAML 2.0 Identity Provider Metadata URL

Go to Account Settings > Authentication > SAMLKey
Insert Metadata URL retrieved in step above; alternatively you can configure XML directly as well
Save

For Sign-in's, user should be able to now see Sign in with <SSO> option.

:::note Post sign-out, refresh page (for the first time) if you do not see Sign in with <SSO> option :::