Enable Single Sign On (SSO) with Identity Providers

Baserow Admins can set up Single sign-on (SSO) for their teams’ logins to Baserow. The Premium and Advanced/Enterprise accounts for paid use of Baserow are managed centrally in the Admin Panel.

Instance-wide admin panel, SSO, Payment by invoice, Signup rules, Audit logs are features only available for Baserow paid plans. You can get in touch with us here if you’re interested in learning more about paid pricing.

Add providers for SSO SAML

Baserow uses SAML (Security Assertion Markup Language) to simplify and secure the authentication process so users only need to log in once with a single set of authentication credentials.

You must first retrieve your SSO metadata from your SSO identity provider before adding it to the Baserow admin panel:

From your Baserow dashboard, go to Admin → Authentication in the navigation sidebar on the left. Under the authentication configuration section, click the “Add Provider” button.

Select “SSO SAML Provider” from the dropdown menu. Clicking this will open up a configuration window:

enter image description here

When the “Add a new SSO SAML provider” modal is opened, you can see the Default Relay State URL and the Single Sign On URL needed to configure a SAML application. You’ll need this value later, so make a note of it.

enter image description here

Next, retrieve your third-party SSO metadata and domain from the provider, following the steps in this guide.

Now paste the XML metadata in Baserow. You’ll end up with something like this:

enter image description here

After the provider has been correctly created, you should see it listed in the provider’s list:

enter image description here

OAuth Provider Configuration

Baserow supports a variety of OAuth 2 providers like Google, Facebook, GitLab, GitHub, and any providers that support OpenID Connect protocol.

Add Google provider

From your Baserow dashboard, go to Admin → Authentication. Under the authentication configuration section, click the “Add Provider” button.

Select “Google” from the dropdown menu. Clicking this will open up a configuration window:

enter image description here

When the “Add a new Google” modal is opened, you can see the Callback URL needed to configure Google. You’ll need this value later, so make a note of it.

enter image description here

Next, retrieve your Client ID and Secret from the provider, following the steps in this guide.

  • Fill in the Provider’s name. This name will be displayed to your Baserow users on the login screen.
  • Fill in the Client ID and Secret that you obtained from Google.

Save the new provider.

After the provider has been correctly created, you should see it listed in the provider’s list.

Add Facebook provider

From your Baserow dashboard, go to Admin → Authentication. Under the authentication configuration section, click the “Add Provider” button.

Select “Facebook” from the dropdown menu. Clicking this will open up a configuration window:

enter image description here

When the “Add a new Facebook” modal is opened, you can see the Callback URL needed to configure Facebook. You’ll need this value later, so make a note of it.

enter image description here

Next, retrieve your Client ID and Secret from the provider, following the steps in this guide.

  • Fill in the Provider’s name. This name will be displayed to your Baserow users on the login screen.
  • Fill in the Client ID and Secret that you obtained from Facebook.

Save the new provider.

After the provider has been correctly created, you should see it listed in the provider’s list.

Add GitHub provider

From your Baserow dashboard, go to Admin → Authentication. Under the authentication configuration section, click the “Add Provider” button.

Select “GitHub” from the dropdown menu. Clicking this will open up a configuration window:

enter image description here

When the “Add a new GitHub” modal is opened, you can see the Callback URL needed to configure GitHub. You’ll need this value later, so make a note of it.

enter image description here

Next, retrieve your Client ID and Secret from the provider, following the steps in this guide.

  • Fill in the Provider’s name. This name will be displayed to your Baserow users on the login screen.
  • Fill in the Client ID and Secret that you obtained from GitHub.

Save the new provider.

After the provider has been correctly created, you should see it listed in the provider’s list.

Add GitLab provider

From your Baserow dashboard, go to Admin → Authentication. Under the authentication configuration section, click the “Add Provider” button.

Select “GitLab” from the dropdown menu. Clicking this will open up a configuration window:

enter image description here

When the “Add a new GitLab” modal is opened, you can see the Callback URL needed to configure GitLab. You’ll need this value later, so make a note of it.

enter image description here

Next, retrieve your Client ID and Secret from the provider, following the steps in this guide.

  • Fill in the Provider’s name. This name will be displayed to your Baserow users on the login screen.
  • Fill in the Client ID and Secret that you obtained from GitLab.

Optionally, you can set a custom GitLab URL in case you are self-hosting GitLab.

Save the new provider.

After the provider has been correctly created, you should see it listed in the provider’s list.

Add OpenID Connect provider

From your Baserow dashboard, go to Admin → Authentication. Under the authentication configuration section, click the “Add Provider” button.

Select “OpenID Connect” from the dropdown menu. Clicking this will open up a configuration window:

enter image description here

When the “Add a new OpenID Connect” modal is opened, you can see the Callback URL needed to configure OpenID Connect. You’ll need this value later, so make a note of it.

enter image description here

Next, retrieve your custom provider name, base URL, Client ID and Secret from the provider, following the steps in this guide.

  • Fill in the Provider’s name. This name will be displayed to your Baserow users on the login screen.
  • Fill in the Provider’s Base URL.
  • Fill in the Client ID and Secret that you obtained from your provider.

Save the new provider.

After the provider has been correctly created, you should see it listed in the provider’s list.

Manage single sign-on settings

In your authentication page, you can edit, delete or disable an authentication provider.

To edit or delete an authentication provider, click the ellipsis icon beside the provider and select Edit or Delete:

enter image description here

You can disable or enable an authentication provider by using the toggle.

If you’re looking for something else, please feel free to make recommendations or ask us questions in our online community —we’re ready to assist you!