> ## Documentation Index
> Fetch the complete documentation index at: https://help.teable.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# OIDC Single Sign-On

> Configure OpenID Connect (OIDC) authentication for your self-hosted Teable instance.

Teable supports OIDC single sign-on, allowing you to integrate with external identity providers for user authentication.

## Environment Variables

To enable OIDC in your self-hosted Teable, configure these environment variables:

```sh theme={null}
# Core OIDC Configuration
BACKEND_OIDC_CLIENT_ID=your_client_id
BACKEND_OIDC_CLIENT_SECRET=your_client_secret
BACKEND_OIDC_CALLBACK_URL=https://your-teable-domain.com/api/auth/oidc/callback

# OAuth Endpoints (from your IdP)
BACKEND_OIDC_AUTHORIZATION_URL=https://your-idp.com/authorize
BACKEND_OIDC_TOKEN_URL=https://your-idp.com/token
BACKEND_OIDC_USER_INFO_URL=https://your-idp.com/userinfo
BACKEND_OIDC_ISSUER=https://your-idp.com

# Additional Options
BACKEND_OIDC_OTHER={"scope":["email","profile"]}

# Enable OIDC as auth provider
SOCIAL_AUTH_PROVIDERS=oidc
```

## Configuration Reference

| Variable                         | Description                                          |
| -------------------------------- | ---------------------------------------------------- |
| `BACKEND_OIDC_CLIENT_ID`         | Client ID from your identity provider                |
| `BACKEND_OIDC_CLIENT_SECRET`     | Client secret from your identity provider            |
| `BACKEND_OIDC_CALLBACK_URL`      | Teable's callback URL (must match IdP configuration) |
| `BACKEND_OIDC_AUTHORIZATION_URL` | IdP's authorization endpoint                         |
| `BACKEND_OIDC_TOKEN_URL`         | IdP's token endpoint                                 |
| `BACKEND_OIDC_USER_INFO_URL`     | IdP's user info endpoint                             |
| `BACKEND_OIDC_ISSUER`            | IdP's issuer identifier                              |
| `BACKEND_OIDC_OTHER`             | Additional options in JSON format (e.g., scopes)     |
| `SOCIAL_AUTH_PROVIDERS`          | Include `oidc` to enable OIDC login button           |

## Enabling Multiple Auth Providers

You can enable multiple authentication methods:

```sh theme={null}
SOCIAL_AUTH_PROVIDERS=github,google,oidc
```

This allows users to log in via GitHub, Google, or your OIDC provider.

***

## Important Notes

1. **HTTPS Required**: All URLs must use HTTPS in production
2. **Callback URL Must Match**: The callback URL in Teable must exactly match what's configured in your IdP
3. **Restart Required**: After changing environment variables, restart Teable for changes to take effect
4. **Secure Storage**: Never commit secrets to version control; use environment variables or secret managers

***

## Related Documentation

* [Environment Variables Reference](/en/deploy/env)