Okta
Learn how to configure Okta as an identity provider for NocoDB.
For SSO access, please reach out to the sales team.
This article describes the steps to configure Okta as an identity provider for NocoDB.
For users on the Business plan, the SSO configuration menu is available under Workspace Settings.
Refer here for more details.
NocoDB, Retrieve Redirect URL
- Go to Account Settings
- Select Authentication (SSO)
- Click on the New Provider button
- On the popup modal, specify a Display name for the provider; note that this name will be used to display the provider on the login page
- Retrieve the Redirect URL; this information will be required to be configured later with the Identity Provider
Okta, Configure NocoDB as an Application
- Sign in to your Okta account and navigate to the "Get started with Okta" page.
  - Click on Add App for the Single Sign-On option.
  - On the Browse App Integration Catalog page, select Create New App
- In the pop-up with title Create a new app integration
  - Choose OIDC - OpenID Connect as the Sign-in method
  - Choose Web Application as the Application type
- Go to General Settings on the New Web App Integration page
  - Provide your application's name.
  - From the options in the Grant type allowed section, select Authorization Code and Refresh Token
  - Add the Redirect URL under Sign-in redirect URIs.
  - From the Assignments section, select an option from Controlled access to set up the desired accessibility configuration for this application.
  - Save
- On your new application,
  - Go to the General tab
  - Copy the Client ID and Client Secret from the Client Credentials section.
- From the Account dropdown in the navigation bar
  - Copy Okta Domain
- Append "/.well-known/openid-configuration" to the Okta Domain URL & access it
  - Example: https://dev-123456.okta.com/.well-known/openid-configuration
  - Copy authorization_endpoint, token_endpoint, userinfo_endpoint & jwks_uri from the JSON response
NocoDB, Configure Okta as an Identity Provider
In NocoDB, open Account Settings > Authentication > OIDC. On the "Register OIDC Identity Provider" modal, insert the following information:
- Insert Client ID retrieved in step (6) above as Client ID
- Insert Client Secret retrieved in step (6) above as Client Secret
- Insert authorization_endpoint retrieved in step (8) above as Authorization URL
- Insert token_endpoint retrieved in step (8) above as Token URL
- Insert userinfo_endpoint retrieved in step (8) above as Userinfo URL
- Insert jwks_uri retrieved in step (8) above as JWK Set URL
- Set Scope as openid profile email offline_access
- In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email."
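The discovery lookup and the field mapping above can be checked mechanically before the values are pasted into NocoDB. The following is an added example, not part of the NocoDB or Okta documentation: it confirms that the issuer matches the Okta Domain and that each endpoint is an https URL on that same host (a check assumed here, not one the page requires), then returns the values keyed by NocoDB field name. The function names and the sample response are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Discovery keys named on the page, mapped to the NocoDB form fields they fill.
FIELD_MAP = {
    "authorization_endpoint": "Authorization URL",
    "token_endpoint": "Token URL",
    "userinfo_endpoint": "Userinfo URL",
    "jwks_uri": "JWK Set URL",
}


def fetch_discovery(okta_domain):
    """Download <Okta Domain>/.well-known/openid-configuration (needs network)."""
    url = okta_domain.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def nocodb_fields(okta_domain, doc):
    """Return {NocoDB field: URL}; raise ValueError if the document looks wrong."""
    domain = okta_domain.rstrip("/")
    expected = urlsplit(domain)
    if expected.scheme != "https" or not expected.netloc:
        raise ValueError("Okta Domain must be an https URL")
    if str(doc.get("issuer", "")).rstrip("/") != domain:
        raise ValueError("issuer does not match the Okta Domain")
    fields = {}
    for key, label in FIELD_MAP.items():
        parts = urlsplit(str(doc.get(key, "")))
        # Added check (assumption): endpoints are https on the issuer's own host.
        if parts.scheme != "https" or parts.netloc != expected.netloc:
            raise ValueError(f"{key} is missing or not on {expected.netloc}")
        fields[label] = doc[key]
    return fields

# Constructed sample response for the page's example domain (not real output).
SAMPLE_DOMAIN = "https://dev-123456.okta.com"
SAMPLE_DOC = {
    "issuer": SAMPLE_DOMAIN,
    "authorization_endpoint": SAMPLE_DOMAIN + "/oauth2/v1/authorize",
    "token_endpoint": SAMPLE_DOMAIN + "/oauth2/v1/token",
    "userinfo_endpoint": SAMPLE_DOMAIN + "/oauth2/v1/userinfo",
    "jwks_uri": SAMPLE_DOMAIN + "/oauth2/v1/keys",
}

if __name__ == "__main__":
    print(json.dumps(nocodb_fields(SAMPLE_DOMAIN, SAMPLE_DOC), indent=2))
```

Against a live tenant, pass the result of `fetch_discovery(okta_domain)` as `doc` instead of the sample.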
When signing in, users should now see the Sign in with <SSO> option.
After signing out, refresh the page (the first time) if you do not see the Sign in with SSO option.
For information about Okta API Scopes, refer here
For more common questions and troubleshooting, see our SSO FAQ.