Skip to main content
Teable supports OIDC single sign-on, allowing you to integrate with external identity providers for user authentication.

Environment Variables

To enable OIDC in your self-hosted Teable, configure these environment variables: 
# Core OIDC Configuration
BACKEND_OIDC_CLIENT_ID=your_client_id
BACKEND_OIDC_CLIENT_SECRET=your_client_secret
BACKEND_OIDC_CALLBACK_URL=https://your-teable-domain.com/api/auth/oidc/callback

# OAuth Endpoints (from your IdP)
BACKEND_OIDC_AUTHORIZATION_URL=https://your-idp.com/authorize
BACKEND_OIDC_TOKEN_URL=https://your-idp.com/token
BACKEND_OIDC_USER_INFO_URL=https://your-idp.com/userinfo
BACKEND_OIDC_ISSUER=https://your-idp.com

# Additional Options
BACKEND_OIDC_OTHER={"scope": ["email", "profile"]}

# Enable OIDC as auth provider
SOCIAL_AUTH_PROVIDERS=oidc

Configuration Reference

VariableDescription
BACKEND_OIDC_CLIENT_IDClient ID from your identity provider
BACKEND_OIDC_CLIENT_SECRETClient secret from your identity provider
BACKEND_OIDC_CALLBACK_URLTeable’s callback URL (must match IdP configuration)
BACKEND_OIDC_AUTHORIZATION_URLIdP’s authorization endpoint
BACKEND_OIDC_TOKEN_URLIdP’s token endpoint
BACKEND_OIDC_USER_INFO_URLIdP’s user info endpoint
BACKEND_OIDC_ISSUERIdP’s issuer identifier
BACKEND_OIDC_OTHERAdditional options in JSON format (e.g., scopes)
SOCIAL_AUTH_PROVIDERSInclude oidc to enable OIDC login button

Identity Provider Setup Guides

The linked guides show Admin Panel SSO configuration for Cloud users’ single space.For self-hosted deployments, use these guides to set up your IdP application and obtain the required parameters, then configure them using the environment variables above for instance-wide global authentication.

Azure Entra ID

Microsoft Azure AD / Entra ID

Okta

Okta identity platform

Auth0

Auth0 identity platform

Google Workspace

Google Workspace accounts

OneLogin

OneLogin identity management

Authentik

Authentik open-source IdP

Enabling Multiple Auth Providers

You can enable multiple authentication methods: 
SOCIAL_AUTH_PROVIDERS=github,google,oidc
This allows users to log in via GitHub, Google, or your OIDC provider.

Important Notes

  1. HTTPS Required: All URLs must use HTTPS in production
  2. Callback URL Must Match: The callback URL in Teable must exactly match what’s configured in your IdP
  3. Restart Required: After changing environment variables, restart Teable for changes to take effect
  4. Secure Storage: Never commit secrets to version control; use environment variables or secret managers
Last modified on January 23, 2026