Configure GitHub SSO (OAuth 2)
This guide explains how to configure Single Sign-On (SSO) using GitHub via the OAuth 2.0 protocol.
SSO is available on the Baserow Advanced and Enterprise plans. You must have a valid license activated to configure these settings.
Overview
The GitHub SSO integration allows users to log in to Baserow using their existing GitHub accounts.
To set this up, you must register an “OAuth App” in your GitHub Developer Settings and connect it to Baserow using a Client ID and Client Secret.
Prerequisites
- Baserow: You must be an Instance Admin on a self-hosted plan.
- GitHub: You must have a GitHub account.
Phase 1: Get Baserow Callback URL
Before registering the app in GitHub, you need to know where GitHub should send users after they log in.
- Log in to your Baserow Admin Panel.
- Navigate to Authentication -> + Add Provider.
- Select GitHub.
- Copy the Callback URL displayed in the modal (e.g., https://baserow.yourdomain.com/api/sso/oauth2/callback).
- Keep this tab open.
Phase 2: Register GitHub OAuth App
- Log in to GitHub.
- Navigate to Settings.
- Scroll down to the bottom of the left sidebar and click Developer settings.
- Select OAuth Apps from the sidebar.
- Click New OAuth App.
- Fill in the form:
  - Application Name: Baserow (or your company name).
  - Homepage URL: Enter your Baserow instance URL (e.g., https://baserow.yourdomain.com).
  - Authorization callback URL: Paste the Callback URL you copied from Baserow.
- Click Register application.

Phase 3: Generate credentials
Once the app is registered, you need to generate the password (Secret) that Baserow will use to authenticate.
- On the application details page, find the Client ID. Copy it.
- Under Client secrets, click Generate a new client secret.
- Copy the generated Client Secret.
- Note: You will only see this secret once. If you refresh the page, it will be hidden.

Phase 4: Connect GitHub to Baserow
- Return to the Baserow Admin Panel (where you left the modal open).
- Name: Enter GitHub.
- Client ID: Paste the Client ID from GitHub.
- Secret: Paste the Client Secret from GitHub.
- Click Save.
Troubleshooting & Common Issues
“redirect_uri_mismatch” Error
This error occurs if the URL in your browser does not match the Authorization callback URL in GitHub settings.
- Check: Did you paste the exact URL from the Baserow modal?
- Check: Ensure there are no trailing spaces or missing slashes.
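The two checks above can be scripted. This is an added example, not Baserow's or GitHub's code: it compares the callback URL registered in GitHub with the one shown in the Baserow modal and names the component that differs. The function name and sample URLs are assumptions, and it follows this page's exact-match guidance rather than reproducing GitHub's own matching logic.

```python
from __future__ import annotations

from urllib.parse import urlsplit


def diagnose_callback(github_url: str, baserow_url: str) -> list[str]:
    """Return human-readable differences between the callback URL registered
    in the GitHub OAuth App and the one shown in the Baserow modal.
    An empty list means the two values match."""
    findings = []

    # Trailing spaces are the easiest copy/paste mistake to miss by eye.
    for label, value in (("GitHub", github_url), ("Baserow", baserow_url)):
        if value != value.strip():
            findings.append(f"{label} URL has leading or trailing whitespace")

    g = urlsplit(github_url.strip())
    b = urlsplit(baserow_url.strip())

    if g.scheme != b.scheme:
        findings.append(f"scheme differs: {g.scheme} vs {b.scheme}")
    # .hostname is lower-cased by urlsplit, so case alone is not reported.
    if g.hostname != b.hostname:
        findings.append(f"host differs: {g.hostname} vs {b.hostname}")
    if g.port != b.port:
        findings.append(f"port differs: {g.port} vs {b.port}")

    if g.path != b.path:
        if g.path.rstrip("/") == b.path.rstrip("/"):
            findings.append("path differs only by a trailing slash")
        else:
            findings.append(f"path differs: {g.path} vs {b.path}")

    return findings


if __name__ == "__main__":
    # Constructed sample values based on the example URL in this guide.
    baserow = "https://baserow.yourdomain.com/api/sso/oauth2/callback"
    registered = "http://baserow.yourdomain.com/api/sso/oauth2/callback/ "
    for line in diagnose_callback(registered, baserow) or ["URLs match"]:
        print(line)
```

Paste the value from the GitHub OAuth App settings as the first argument and the value from the Baserow modal as the second.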
Frequently Asked Questions (FAQ)
Does this restrict login to my GitHub Organization?
No. By default, a GitHub OAuth App allows any GitHub user to authenticate. It validates identity (who they are), not authorization (which organization they belong to).
- How to restrict access: To prevent random GitHub users from creating accounts on your instance, navigate to Admin -> Settings and disable “Allow creating new accounts”. With this setting off, only users you explicitly invite to a workspace (via their GitHub email) will be able to join.
Learn more: Global instance settings
Can I map GitHub Teams to Baserow Roles?
Not currently. Baserow supports Just-In-Time (JIT) provisioning, which creates the user account immediately upon login. However, it does not sync GitHub Team memberships to assign Baserow roles (e.g., Admin vs. Editor). You must manually assign roles in Baserow after the user logs in.