Keycloak

This article briefs about the steps to configure Keycloak as Identity service provider for NocoDB

NocoDB, Retrieve SAML SSO Configuration details

1. Go to Account Settings
2. Select Authentication (SSO)
3. Click on New Provider button
4. On the Popup modal, Specify a Display name for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve Redirect URL & Audience / Entity ID; these information will be required to be configured later with the Identity Provider

Keycloak, Configure NocoDB as an Application

1. Access your Keycloak account
   • navigate to Clients menu
   • select Clients list tab > Click Create client button.
2. In the Create Client modal, General Settings tab:
   • Select SAML as the Client type
   • Specify Audience/Entity ID retrieved from NocoDB as the Client ID
   • Click Next
3. In the Create Client modal, Login Settings tab,
   • Specify Redirect URL retrieved from NocoDB as the Valid Redirect URIs
   • Specify Redirect URL retrieved from NocoDB as the Valid post logout redirect URIs
   • Click Save
4. On the Client details, Settings tab,
   • navigate to SAML Capabilities section
   • Specify Name ID format as email
   • Enable Force Name ID Format and Force POST Binding
   • navigate to Signature and Encryption section
   • Enable Sign Assertions
   • Click Save
5. On the Client details, Keys tab,
   • Disable Signing keys config > Client Signature Required
6. Navigate to Realm Settings > Endpoints
   • Copy SAML 2.0 Identity Provider Metadata URL

NocoDB, Configure Azure AD as an Identity Provider

1. Go to Account Settings > Authentication > SAMLKey
2. Insert Metadata URL retrieved in step above; alternatively you can configure XML directly as well
3. Save

For Sign-in's, user should be able to now see Sign in with <SSO> option.