Skip to main content
Version: Latest

Ping Identity

info

For SSO Access - please reach out to sales team.

This article briefs about the steps to configure Ping Identity as Identity service provider for NocoDB

NocoDB, Retrieve Redirect URL

  1. Go to Account Settings
  2. Select Authentication (SSO)
  3. Click on New Provider button
  4. On the Popup modal, Specify a Display name for the provider; note that, this name will be used to display the provider on the login page
  5. Retrieve Redirect URL; this information will be required to be configured later with the Identity Provider

OIDC SSO Configuration OIDC SSO Configuration OIDC SSO Configuration

Ping Identity, Configure NocoDB as an Application

  1. Access your PingOne account and navigate to the homepage.
  2. Click on Add Environment from the top right corner.
  3. On the Create Environment screen,
    • Opt for Build your own solution
    • In the Select solution(s) for your Environment section, select PingOne SSO from Cloud Services
    • Click Next
    • Provide a name and description for the environment,
    • Click Next
  4. Access the newly created environment and go to Connections > Applications from the sidebar.
  5. Within the Applications homepage, initiate the creation of a new application by clicking the "+" icon.
  6. On the "Add Application" panel:
    • Input the application name and description.
    • Choose "OIDC Web App" as the Application Type and click "Configure"
  7. From your application,
    • Go to Configurations tab
    • Click on Edit button
    • Check Refresh Token option
    • Copy Authorization URL, Token URL, Userinfo URL & JWK Set URL from the Endpoints section
    • From Generals dropdown, copy Client ID & Client Secret
    • Save
  8. From Resources tab,
    • Click Edit
    • Select openid profile email from Scopes
  9. Switch toggle button in the top right corner to On to activate the application.

NocoDB, Configure Ping Identity as an Identity Provider

  1. In NocoDB, open Account Settings > Authentication > OIDC. On the "Register OIDC Identity Provider" modal, insert the following information:
    • Insert Client ID retrieved in step (9) above as Client ID
    • Insert Client Secret retrieved in step (9) above as Client Secret
    • Insert Authorization URL retrieved in step (9) above as Authorization URL
    • Insert Token URL retrieved in step (9) above as Token URL
    • Insert Userinfo URL retrieved in step (9) above as Userinfo URL
    • Insert JWK Set URL retrieved in step (9) above as JWK Set URL
    • Set Scope as openid profile email offline_access
    • In the Username Attribute field, indicate the name of the claim that represents the user's email. The default value is set to "email."

For Sign-in's, user should be able to now see Sign in with <SSO> option.

SAML SSO Configuration

note

Post sign-out, refresh page (for the first time) if you do not see Sign in with <SSO> option

For information about Ping Identity API Scopes, refer here