Azure AD (Entra)
info
For SSO Access - please reach out to sales team.
This article briefs about the steps to configure Active Directory as Identity service provider for NocoDB
NocoDB, Retrieve SAML SSO
Configuration details
- Go to
Account Settings
- Select
Authentication (SSO)
- Click on
New Provider
button - On the Popup modal, Specify a
Display name
for the provider; note that, this name will be used to display the provider on the login page - Retrieve
Redirect URL
&Audience / Entity ID
; these information will be required to be configured later with the Identity Provider
Azure AD, Configure NocoDB as an Application
- Sign in to your Azure account and navigate
to
Microsoft Entra admin center
>Identity
>Enterprise applications
- Click
+ New application
- On the
Browse Microsoft Entra Gallery
page, selectCreate your own application
from the navigation bar.- Provide your application's name.
- Choose
Integrate any other application you don't find in the gallery (Non-gallery)
Create
- On your application page, navigate to
Manage
>Single sign-on
>SAML
- Go to the
Basic SAML Configuration
section underSet up Single Sign-On with SAML
and clickEdit
- Add the
Audience URI
underIdentifier (Entity ID)
. - Add the
Redirect URL
underReplay URL (Assertion Consumer Service URL)
. - Click
Save
- Add the
- In the
Attributes & Claims
section, clickEdit
- Edit the "Unique User Identifier (Name ID)" claim:
- Select
Email address
from theName identifier format
dropdown - Choose
Attribute
as theSource
- In the
Source attribute
, selectuser.mail
- Click
Save
- Select
- Edit the "Unique User Identifier (Name ID)" claim:
- Go to the
SAML Certificates
section and copy theApp Federation Metadata URL
- on the Application's Overview page,
- Click
Users and groups
, - Add the necessary users or groups to the application.
- Click
NocoDB, Configure Azure AD as an Identity Provider
- Go to
Account Settings
>Authentication
>SAML
- Insert
Metadata URL
retrieved in step above; alternatively you can configure XML directly as well Save
For Sign-in's, user should be able to now see Sign in with <SSO>
option.
note
Post sign-out, refresh page (for the first time) if you do not see Sign in with <SSO>
option