Available for Enterprise plan

Teable supports Single Sign-On (SSO) integration to help you manage user authentication through your existing identity providers. Currently, we support:

  • Standard OIDC (OpenID Connect)
  • Feishu/Lark

Understanding OIDC Configuration

When setting up OIDC integration, you’ll need to configure the following parameters:

  • Name: A descriptive name for your SSO configuration
  • Client ID: A unique identifier assigned by your identity provider
  • Client Secret: A secret key used to authenticate your application
  • Authorization URL: The endpoint where users are redirected to authenticate
  • Token URL: The endpoint used to exchange the authorization code for access tokens
  • User Info URL: The endpoint to retrieve authenticated user information
  • Issuer: The URL that identifies your identity provider

Configuration Steps

  1. Configure your identity provider:

    • Register your Teable application in your identity provider
    • Set the callback URL to: https://app.teable.io/api/auth/authentication/__providerId__/callback
    • Obtain the Client ID and Client Secret

  2. Configure Teable:

    • Navigate to Admin PanelAuthentication Settings
    • Click “Create Authentication Provider”
    • Fill in the configuration details from your identity provider
    • After saving, you’ll get a providerId - replace __providerId__ in the callback URL with this value
    • Update this final callback URL in your identity provider’s configuration

Example: Configuring Authentik

Here’s a practical example using Authentik as your identity provider:

  1. In Authentik:

    • Create a new OAuth2/OpenID Provider
    • Initially set a temporary callback URL (you’ll update this later)
    • Note down the Client ID and Client Secret

  2. In Teable:

    • Create a new authentication provider with:
    Authorization URL: https://your-authentik-domain.com/application/o/authorize/
Token URL: https://your-authentik-domain.com/application/o/token/
User Info URL: https://your-authentik-domain.com/application/o/userinfo/
Issuer: https://your-authentik-domain.com/application/o/teable/
    • After saving, note the generated providerId
    • Update your Authentik configuration with the complete callback URL: https://app.teable.io/api/auth/authentication/YOUR_PROVIDER_ID/callback

Remember to replace your-authentik-domain.com with your actual Authentik instance domain, and YOUR_PROVIDER_ID with the ID generated by Teable. The exact URLs may vary depending on your identity provider’s configuration.