Keycloak
Learn how to configure Keycloak as an identity provider for NocoDB.
For SSO access, please reach out to the sales team.
This article describes the steps to configure Keycloak as the identity service provider for NocoDB.
For users on the Business plan, the SSO configuration menu is available under Workspace Settings. Refer here for more details.
NocoDB, Retrieve SAML SSO Configuration details
- Go to Account Settings
- Select Authentication (SSO)
- Click on the New Provider button
- In the popup modal, specify a Display name for the provider; note that this name will be used to display the provider on the login page
- Retrieve the Redirect URL & Audience / Entity ID; this information will be needed later when configuring the Identity Provider
Keycloak, Configure NocoDB as an Application
- Access your Keycloak account
  - Navigate to the Clients menu
  - Select the Clients list tab > Click the Create client button.
- In the Create Client modal, General Settings tab:
  - Select SAML as the Client type
  - Specify the Audience/Entity ID retrieved from NocoDB as the Client ID
  - Click Next
- In the Create Client modal, Login Settings tab:
  - Specify the Redirect URL retrieved from NocoDB as the Valid Redirect URIs
  - Specify the Redirect URL retrieved from NocoDB as the Valid post logout redirect URIs
  - Click Save
- On the Client details, Settings tab:
  - Navigate to the SAML Capabilities section
  - Specify Name ID format as email
  - Enable Force Name ID Format and Force POST Binding
  - Navigate to the Signature and Encryption section
  - Enable Sign Assertions
  - Click Save
- On the Client details, Keys tab:
  - Disable Signing keys config > Client Signature Required
- Navigate to Realm Settings > Endpoints
  - Copy the SAML 2.0 Identity Provider Metadata URL
NocoDB, Configure Keycloak as an Identity Provider
- Go to Account Settings > Authentication > SAML
- Insert the Metadata URL retrieved in the step above; alternatively, you can configure the XML directly as well
- Save
For sign-ins, the user should now be able to see the Sign in with <SSO> option.
After signing out, refresh the page (for the first time) if you do not see the Sign in with <SSO> option.
For more common questions and troubleshooting, see our SSO FAQ.