Single Sign-On (SSO)

• Standard OIDC (OpenID Connect)
• Feishu/Lark

​

Understanding OIDC Configuration

• Name: A descriptive name for your SSO configuration
• Client ID: A unique identifier assigned by your identity provider
• Client Secret: A secret key used to authenticate your application
• Authorization URL: The endpoint where users are redirected to authenticate
• Token URL: The endpoint used to exchange the authorization code for access tokens
• User Info URL: The endpoint to retrieve authenticated user information
• Issuer: The URL that identifies your identity provider

​

Configuration Steps

1. Configure your identity provider:
   • Register your Teable application in your identity provider
   • Set the callback URL to: https://app.teable.io/api/auth/authentication/__providerId__/callback
   • Obtain the Client ID and Client Secret
2. Configure Teable:
   • Navigate to Admin Panel → Authentication Settings
   • Click “Create Authentication Provider”
   • Fill in the configuration details from your identity provider
   • After saving, you’ll get a providerId - replace __providerId__ in the callback URL with this value
   • Update this final callback URL in your identity provider’s configuration

​

Example: Configuring Authentik

1. In Authentik:
   • Create a new OAuth2/OpenID Provider
   • Initially set a temporary callback URL (you’ll update this later)
   • Note down the Client ID and Client Secret
2. In Teable:
   • Create a new authentication provider with:
   Copy

   Authorization URL: https://your-authentik-domain.com/application/o/authorize/
   Token URL: https://your-authentik-domain.com/application/o/token/
   User Info URL: https://your-authentik-domain.com/application/o/userinfo/
   Issuer: https://your-authentik-domain.com/application/o/teable/
   

   • After saving, note the generated providerId
   • Update your Authentik configuration with the complete callback URL: https://app.teable.io/api/auth/authentication/YOUR_PROVIDER_ID/callback