Okta
Info: Please reach out to sales for SSO access.
This article describes the steps to configure Okta as the identity service provider for NocoDB.
NocoDB, Retrieve Redirect URL
- Go to Account Settings
- Select Authentication (SSO)
- Click on the New Provider button
- On the popup modal, specify a Display name for the provider; note that this name will be used to display the provider on the login page
- Retrieve the Redirect URL; this information will need to be configured later with the Identity Provider
Okta, Configure NocoDB as an Application
- Sign in to your Okta account and navigate to the "Get started with Okta" page.
  - Click on Add App for the Single Sign-On option.
  - On the Browse App Integration Catalog page, select Create New App
- In the pop-up with title Create a new app integration
  - Choose OIDC - OpenID Connect as the Sign-in method
  - Choose Web Application as the Application type
- Go to General Settings on the New Web App Integration page
  - Provide your application's name.
  - From the options in the Grant type allowed section, select Authorization Code and Refresh Token
  - Add the Redirect URL under Sign-in redirect URIs.
  - From the Assignments section, select an option from Controlled access to set up the desired accessibility configuration for this application.
  - Save
- On your new application,
  - Go to the General tab
  - Copy the Client ID and Client Secret from the Client Credentials section.
- From the Account dropdown in the navigation bar
  - Copy Okta Domain
- Append "/.well-known/openid-configuration" to the Okta Domain URL & access it
  - Example: https://dev-123456.okta.com/.well-known/openid-configuration
  - Copy authorization_endpoint, token_endpoint, userinfo_endpoint & jwks_uri from the JSON response
NocoDB, Configure Okta as an Identity Provider
In NocoDB, open Account Settings > Authentication > OIDC. On the "Register OIDC Identity Provider" modal, insert the following information:
- Insert Client ID retrieved in step (6) above as Client ID
- Insert Client Secret retrieved in step (6) above as Client Secret
- Insert authorization_endpoint retrieved in step (8) above as Authorization URL
- Insert token_endpoint retrieved in step (8) above as Token URL
- Insert userinfo_endpoint retrieved in step (8) above as Userinfo URL
- Insert jwks_uri retrieved in step (8) above as JWK Set URL
- Set Scope as openid profile email offline_access
- In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email".
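The values copied from the discovery document can be checked before they are pasted into NocoDB. The following Python sketch is an added example, not part of the NocoDB or Okta documentation: it maps the four discovery keys to the NocoDB field labels above and rejects a document whose endpoints are not HTTPS on the Okta Domain host or that does not advertise the scopes and grant types this guide selects. The embedded discovery document is a constructed sample, and the function name and the strictness of the checks are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of <Okta Domain>/.well-known/openid-configuration (trimmed).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://dev-123456.okta.com",
    "authorization_endpoint": "https://dev-123456.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://dev-123456.okta.com/oauth2/v1/token",
    "userinfo_endpoint": "https://dev-123456.okta.com/oauth2/v1/userinfo",
    "jwks_uri": "https://dev-123456.okta.com/oauth2/v1/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
})

# Discovery key -> field label in NocoDB's "Register OIDC Identity Provider" modal.
FIELD_MAP = {
    "authorization_endpoint": "Authorization URL",
    "token_endpoint": "Token URL",
    "userinfo_endpoint": "Userinfo URL",
    "jwks_uri": "JWK Set URL",
}
REQUIRED_SCOPES = {"openid", "profile", "email", "offline_access"}
REQUIRED_GRANTS = {"authorization_code", "refresh_token"}


def nocodb_fields(discovery_json, okta_domain):
    """Return the NocoDB form values, or raise ValueError on a suspicious document."""
    doc = json.loads(discovery_json)
    expected = urlsplit(okta_domain)
    if expected.scheme != "https" or not expected.hostname:
        raise ValueError("Okta Domain must be an https URL")
    fields = {}
    for key, label in FIELD_MAP.items():
        url = urlsplit(str(doc.get(key, "")))
        # Assumption of this example: every endpoint is HTTPS on the tenant's own host.
        if url.scheme != "https" or url.hostname != expected.hostname:
            raise ValueError(f"{key} is missing or not on {expected.hostname}")
        fields[label] = doc[key]
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    missing |= REQUIRED_GRANTS - set(doc.get("grant_types_supported", []))
    if missing:
        raise ValueError(f"provider does not advertise: {sorted(missing)}")
    fields["Scope"] = "openid profile email offline_access"
    return fields


if __name__ == "__main__":
    for label, value in nocodb_fields(SAMPLE_DISCOVERY, "https://dev-123456.okta.com").items():
        print(f"{label}: {value}")
```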
On the sign-in page, users should now see the Sign in with <SSO> option.
Note: After signing out, refresh the page (the first time) if you do not see the Sign in with <SSO> option.
For information about Okta API Scopes, refer here