From de3dd72f9de382f049e59ba220aa0e3f138cd23f Mon Sep 17 00:00:00 2001 From: hey Date: Mon, 30 Mar 2026 11:42:28 -0400 Subject: [PATCH] add sso configuration instructions --- README.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/README.md b/README.md index e85263b..698823f 100644 --- a/README.md +++ b/README.md 
@@ -27,5 +27,38 @@ * For environments with 2GB or less RAM, run `abra app config ` and uncomment the `For low-resource machines` config block * More info: https://hub.docker.com/r/baserow/baserow/#scaling-options +## Enable SSO with Authenitk +This is how to configure your Baserow server to accept logins from your Authenitk SSO provider. You need at least an advanced Baserow plan to use this feature. + +### Configure Authenitk +**Create Application and Provider** + +* Log in as administrator of your Authentik instance +* Go to https://your-authentik-domain/if/admin/#/core/applications and choose *Create with Provider* +* Follow these steps to configure the provider, if a field isn't specified here, you can keep the default value + * Application Name: baserow -> **Next** + * Choose OAuth2/OIDC -> **Next** + * Set Authorization flow: `default-provider-authorization-implicit-consent (Authorize Application)` + * Copy the **Client ID** and **Client Secret**, you'll need them later + * Add Redirect URI: Strict - https://your-baserow-domain/api/sso/oauth2/callback/2/ -> **Next** + * **Note**: You may need to change this URI based your baserow settings later + * **Next** and **Submit** + +### Configure Baserow +**Create Baserow SSO Provider** + +* Log in as adminsitrator of your Baserow instance +* Go to https://your-baserow-domain/admin/auth-providers and choose *Add Provider* + * Name: `authentik` + * URL: `https:///application/o/baserow` + * Fill out Client ID and Secret with the copied values from the Authentik provisioning +* At this point, check the `Callback URL` at the bottom of the page, it should be the same as the Redirect URI earlier + * If it's not go back to Authentik and under https://your-authentik-domain/if/admin/#/core/providers edit the Baserow provider to use the Callback URL provided by Baserow + +**Disable non-SSO login (Optional)** + +* Still under the `Authentication Providers` page, uncheck the email and password authentication option +* You can 
still login to your admin instance at https://your-baserow-domain/login?noredirect + For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech). -- 2.49.0
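Review bot: In the "Configure Authenitk" steps, the Redirect URI hardcodes a provider id (`https://your-baserow-domain/api/sso/oauth2/callback/2/`) before Baserow has displayed its `Callback URL`. Because the entry is set to Strict, a reader whose Baserow provider gets a different id will have a mismatched redirect until they follow the later correction step. Write the id as a placeholder (for example `/callback/<id>/`) and say up front that the final value is the `Callback URL` shown by Baserow, rather than leaving it to the **Note** line. In the Baserow step, `URL: https:///application/o/baserow` has no host as shown; it should use the same `your-authentik-domain` placeholder as the other URLs in this section. Under "Disable non-SSO login", add a step to confirm that an SSO login works before unchecking email and password authentication, since the only fallback mentioned is `/login?noredirect`. Spelling: "Authenitk" appears in the section heading, the intro sentence and the "Configure Authenitk" heading, "adminsitrator" appears in the Baserow step, and "based your baserow settings" is missing "on".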