Teable supports OIDC single sign-on, allowing you to integrate with external identity providers for user authentication.
Environment Variables
To enable OIDC in your self-hosted Teable, configure these environment variables:
# Core OIDC Configuration
BACKEND_OIDC_CLIENT_ID=your_client_id
BACKEND_OIDC_CLIENT_SECRET=your_client_secret
BACKEND_OIDC_CALLBACK_URL=https://your-teable-domain.com/api/auth/oidc/callback
# OAuth Endpoints (from your IdP)
BACKEND_OIDC_AUTHORIZATION_URL=https://your-idp.com/authorize
BACKEND_OIDC_TOKEN_URL=https://your-idp.com/token
BACKEND_OIDC_USER_INFO_URL=https://your-idp.com/userinfo
BACKEND_OIDC_ISSUER=https://your-idp.com
# Additional Options
BACKEND_OIDC_OTHER={"scope":["email","profile"]}
# Enable OIDC as auth provider
SOCIAL_AUTH_PROVIDERS=oidc
Configuration Reference
| Variable | Description |
|---|
BACKEND_OIDC_CLIENT_ID | Client ID from your identity provider |
BACKEND_OIDC_CLIENT_SECRET | Client secret from your identity provider |
BACKEND_OIDC_CALLBACK_URL | Teable’s callback URL (must match IdP configuration) |
BACKEND_OIDC_AUTHORIZATION_URL | IdP’s authorization endpoint |
BACKEND_OIDC_TOKEN_URL | IdP’s token endpoint |
BACKEND_OIDC_USER_INFO_URL | IdP’s user info endpoint |
BACKEND_OIDC_ISSUER | IdP’s issuer identifier |
BACKEND_OIDC_OTHER | Additional options in JSON format (e.g., scopes) |
SOCIAL_AUTH_PROVIDERS | Include oidc to enable OIDC login button |
Enabling Multiple Auth Providers
You can enable multiple authentication methods:
SOCIAL_AUTH_PROVIDERS=github,google,oidc
Important Notes
- HTTPS Required: All URLs must use HTTPS in production
- Callback URL Must Match: The callback URL in Teable must exactly match what’s configured in your IdP
- Restart Required: After changing environment variables, restart Teable for changes to take effect
- Secure Storage: Never commit secrets to version control; use environment variables or secret managers
Last modified on May 14, 2026
