Available for Pro plan and above
Step 1: Create Authentication Provider in Teable
- Navigate to your Teable SSO settings
- Create a new authentication provider and name it OneLogin and select OpenID Connect
Step 2: Access OneLogin Admin Portal
- Log in to your OneLogin Admin Portal
- Ensure you have administrator privileges
- Navigate to Applications in the top menu
Step 3: Add a New Application
- Click Applications → Applications in the menu
- Click Add App button
- Search for OpenId Connect (OIDC) in the search box
- Select OpenId Connect (OIDC) from the results
- Click Save
In the Configuration tab:
- Display Name: Teable SSO
- Description: (Optional) SSO integration for Teable
- Logo: (Optional) Upload Teable logo
- Click Save
Configuration Settings
Go to the Configuration tab and configure:
- Redirect URIs: Paste the Callback URL from Teable
- Login Url: (Optional)
https://app.teable.io
- Application Type: Web
- Click Save
Step 5: Get Client Credentials
Go to the SSO tab:
- Find the Client ID field and copy the value
- Find the Client Secret field and copy the value (you may need to click “Show” first)
- Paste both values into the Teable SSO configuration
Warning: Keep your Client Secret secure. You can regenerate it if needed from this page.
In the SSO tab, you’ll find your OneLogin subdomain. Use it to configure the endpoints in Teable:
- Authorization URL:
https://{subdomain}.onelogin.com/oidc/2/auth
- Token URL:
https://{subdomain}.onelogin.com/oidc/2/token
- User Info URL:
https://{subdomain}.onelogin.com/oidc/2/me
- Issuer:
https://{subdomain}.onelogin.com/oidc/2
Note: Replace {subdomain} with your actual OneLogin subdomain (e.g., mycompany.onelogin.com). You can find this in your OneLogin portal URL.
Assign Roles
Go to the Access tab:
- Roles: Select which roles should have access to this application
- You can select:
- Specific roles
- All users
- Custom conditions
- Click Save
Assign Users
Go to the Users tab:
- Click Add Users or Add Users by Role
- Select the users who should have access to Teable via SSO
- Click Continue and Save
Go to the Parameters tab to map user attributes:
- Click Add parameter to create custom claims
- Configure standard OIDC claims:
- email: User email address
- name: User full name
- given_name: User first name
- family_name: User last name
- Map each parameter to the corresponding OneLogin user field
- Click Save
Step 9: Enable the Application
- Make sure all configurations are saved
- The application should now be enabled and visible to assigned users
- Users will see the Teable app in their OneLogin portal
Step 10: Test SSO Login
You have three options to enable SSO login:
Option 1: Direct Authentication URL
- Use the authorization URL as your SSO login URL
Option 2: OneLogin Portal
- Users can log in to their OneLogin portal and click the Teable application icon
Option 3: Domain Verification
- In Teable, configure domain verification
- Verify your custom domain
- Visit https://app.teable.io
- Click the SSO login button
- Enter your email address under the verified domain to log in
Additional Configuration (Optional)
- In OneLogin Admin Portal, go to Security → Multi-Factor Authentication
- Enable MFA policies for your organization or specific users
- Configure MFA requirements (e.g., always require, require for new devices)
Set Up Provisioning (SCIM)
If you want to automatically provision users from OneLogin to Teable:
- Go to the Provisioning tab in your Teable application
- Enable provisioning
- Configure the SCIM endpoint (if Teable supports SCIM)
- Map user attributes
- Enable user creation, updates, and deletion
- Go to Settings → Sessions in OneLogin
- Configure session timeout settings
- Set idle timeout and maximum session duration
Custom Branding
- Go to Customization → Portal in OneLogin
- Customize the OneLogin portal appearance
- Add your company logo, colors, and custom CSS
- This affects what users see when they log in to OneLogin