add sso configuration instructions #11

Open
jjsfunhouse wants to merge 1 commits from jjsfunhouse/baserow:sso into main

@ -27,5 +27,38 @@
* For environments with 2GB or less RAM, run `abra app config <app-name>` and uncomment the `For low-resource machines` config block
* More info: https://hub.docker.com/r/baserow/baserow/#scaling-options
## Enable SSO with Authenitk
This is how to configure your Baserow server to accept logins from your Authenitk SSO provider. You need at least an advanced Baserow plan to use this feature.
### Configure Authenitk
**Create Application and Provider**
* Log in as administrator of your Authentik instance
* Go to https://your-authentik-domain/if/admin/#/core/applications and choose *Create with Provider*
* Follow these steps to configure the provider, if a field isn't specified here, you can keep the default value
* Application Name: baserow -> **Next**
* Choose OAuth2/OIDC -> **Next**
* Set Authorization flow: `default-provider-authorization-implicit-consent (Authorize Application)`
* Copy the **Client ID** and **Client Secret**, you'll need them later
* Add Redirect URI: Strict - https://your-baserow-domain/api/sso/oauth2/callback/2/ -> **Next**
* **Note**: You may need to change this URI based your baserow settings later
* **Next** and **Submit**
### Configure Baserow
**Create Baserow SSO Provider**
* Log in as adminsitrator of your Baserow instance
* Go to https://your-baserow-domain/admin/auth-providers and choose *Add Provider*
* Name: `authentik`
* URL: `https://<your-authentik-domain>/application/o/baserow`
* Fill out Client ID and Secret with the copied values from the Authentik provisioning
* At this point, check the `Callback URL` at the bottom of the page, it should be the same as the Redirect URI earlier
* If it's not go back to Authentik and under https://your-authentik-domain/if/admin/#/core/providers edit the Baserow provider to use the Callback URL provided by Baserow
**Disable non-SSO login (Optional)**
* Still under the `Authentication Providers` page, uncheck the email and password authentication option
* You can still login to your admin instance at https://your-baserow-domain/login?noredirect
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
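Review bot: The `Add Redirect URI: Strict` step hard-codes `/api/sso/oauth2/callback/2/`, but the trailing id is only known once the provider exists in Baserow, which is why the note under it and the later `Callback URL` check both send the reader back to Authentik. Because the URI is registered as Strict, any mismatch fails the login, so I'd write the path with a placeholder such as `/api/sso/oauth2/callback/<id>/` and tell the reader to paste the exact `Callback URL` Baserow displays, or reorder the steps so the Baserow provider is created first. In the "Disable non-SSO login" section, please add a step to confirm that an admin account can log in through Authentik before unchecking email and password authentication, and say which credentials `/login?noredirect` accepts once that option is off, so nobody locks themselves out. Smaller points: "Authenitk" is misspelled in both headings and the intro sentence, "adminsitrator" in the Baserow login step, "based your baserow settings" is missing "on", and the Authentik domain placeholder is written both as `your-authentik-domain` and `<your-authentik-domain>`; pick one style.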