OpenID Connect

Use the OpenID Connect protocol to integrate with an identity provider of your choosing.

Follow the guide below to become familiar with the OpenID Connect configuration form in Budibase.

Examples

Guides on how to setup OpenID Connect with some of the most common providers can be seen below:

Google

Budibase also comes with an out of the box integration with Google single sign-on.

Adding users

After creating your Admin user account you will have access to the User Management page. This is where you will invite and create new users.

To add a user, hit the Add user button in the top-right part of the page. You will be presented with a modal containing a dropdown as well as an input field.

The first option here is the regular `Email onboarding` flow. In order to use this you must first configure your email settings. Simply enter the users email and hit the add user button. Budibase will send-off an email containing an Invite link that the user will have to click. You can customize the invitation email in the email settings.

The other option is to select the `Basic onboarding` flow. Here you'll create the user directly, by-passing the email sending step. Enter an email here and copy the password that is automatically generated for you. Hit the create user button. It is best practice to change the password as soon as possible, as it's just a temporary one.

Editing users

Resetting passwords

If you need to force reset a users password you can do that as well. The user gets a temporary password that they can use to login. Once logged in they will be prompted to change their password before continuing on.

Configure user roles

When you have created your users you can change their roles. To get started click the user row which you want to edit and you will be taken to a new page.

Here you'll see information about the specific user. This is where you can reset passwords and update user app roles.

To change the role for the specific user click the table. You'll see a modal with a list of roles that are relevant to the app.

Deleting a user

At the bottom of the user page you can find a Delete user section. Hit the delete user button.

OpenID Connect (OIDC) is a simple identity layer built on top of the OAuth 2.0 protocol, which allows clients to verify the identity of an end user based on the authentication performed by an authorization server or identity provider (IdP), as well as to obtain basic profile information about the end user.

Setup

To enable OIDC for your IdP follow the setup steps below.

Configure your IdP

Any provider that supports the OIDC protocal can be integrated into Budibase, you may even implement your own.

Guides on how to setup some of the most common providers can be seen below:

See also:

ADFS by Microsoft

Callback URL

• During your configuration you will need to enter the Callback URL for your Budibase installation.

• For example: https://{your-budibase-host.com}/api/admin/auth/oidc/callback

Configure OIDC in Budibase

To configure an OIDC integration in Budibase visit the Auth section of the builder.

Fill in the following options from your IdP:

• Config URL

  • URL where Budibase can find the OpenID Provider Configuration Document

  • For example: https://{your-identity-provider.com}/.well-known/openid-configuration

• Client ID

  • Your unique ID issued by your IdP

• Client Secret

  • Your unique secret issued by your IdP

Save the configuration to enable OIDC on your login page.

Customize your login

Use the login configuration options to customize the OIDC login button.

Fill in either of the following:

• Name

  • The name on the login button. This will be substituted at Sign in with {name}

• Icon

  • The icon on the login button. Choose from:

    • One of the default icons

    • Upload a custom icon

Important information

Some additional details on the OIDC integration are highlighted below.

User provisioning

Unlike the Google integration which requires a local user account to exist in advance, OIDC users are created in Budibase automatically when they log in for the first time. It is important that only the users you wish to access Budibase have been assigned to the application configured in your IdP.

You may still use email onboarding to create an account for a user in advance, provided the email matches the user's email in your IdP.

OpenID Connect

To become familiar with OpenID Connect in Budibase, see:

Configuration

Create the application

Create the budibase application in your Applications list.

Select 'OIDC - OpenID Connect' and 'Web Application'

Enter your application name on the next screen and save.

Find your configuration details

Visit the 'General' tab in your application.

Client ID

Use the Client ID field as your Client ID in Budibase.

Client Secret

Use the Client Secret field as your Client ID in Budibase.

Configuration URL

Visit the 'Sign On' tab in your application.

Use the Issuer field to construct your Configuration URL in Budibase. e.g. https://{Issuer}/.well-known/openid-configuration

Add your callback URL

Visit the 'General' tab in your application, scroll down and edit the 'General Settings' section. Enter your callback URL

OpenID Connect

To become familiar with OpenID Connect in Budibase, see:

Configuration

Create the application

Create the budibase application using a new 'App Registration'

Add the application name

Ignore the Redirect URI for now.

Find your configuration details

Configuration URL

Visit 'Overview' > 'Endpoints'.

Use the OpenID Connect metadata document field as your Configuration URL in Budibase.

Client ID

Visit 'Overview'

Use the Application (client) ID field as your Client ID in Budibase.

Client Secret

Visit 'Certificates & secrets', click on 'Add client secret', give your secret a description / expiry and save.

View your newly created secret

Use the Value field as your Client Secret in Budibase.

Add your callback URL

Visit 'Authentication' and enter your callback URL

Budibase currently supports Google OAuth in addition to the built-in authentication solution. To enable it you need to configure it correctly with details from the Google dashboard. You will need your Client ID, secret and Callback URL.

The callback URL you should generally use is the one that authenticates directly with budibase. It is /api/admin/auth/google/callback

Sending Emails

In order for Budibase to be able to send emails you need to set up your SMTP settings. After you have set this up you can invite users as well as send emails.

Templates

Budibase comes with a number of email templates so that you can focus on what's important. Currently there are three different ones: Password Recovery, Invitation and Welcome. In addition to that you can also create your own custom templates.

To edit a template, just select it in the table and you will be taken to a new screen. To insert dynamic content you can use the Bindings on the right side of the page. This makes it easier to include things such as the users email, your organisations logo or the name of your organisation. When you're done hit the preview button to make sure it looks OK. Then hit save.

OpenID Connect

To become familiar with OpenID Connect in Budibase, see:

Configuration

Create the application

Create the budibase application in your Applications list.

Select 'Regular Web Applications'.

Find your configuration details

Visit the 'Settings' tab in your application.

Configuration URL

Use the Domain field to construct your Configuration URL in Budibase. e.g. https://{domain}/.well-known/openid-configuration

Client ID

Use the Client ID field as your Client ID in Budibase.

Client Secret

Use the Client Secret field as your Client ID in Budibase.

Add your callback URL

Scroll down to the 'Application URIs' section and enter your callback URL

To become familiar with OpenID Connect in Budibase, see:

Configuration

Add a Client

Create a new client by visiting the 'Clients' pane from the left hand side of your Keycloak admin console. Then give it an ID and select 'openid-connect' from the dropdown. Alternatively bypass this step if you have a client already created.

Configure the Client

In the Client configuration screen (accessed by clicking on the Client ID within the Clients pane), change the 'Access Type' dropdown to be 'Confidential'.

Next add the Callback URL to the 'Valid Redirect URIs' field ands then click 'Save'

Find your configuration details

Client ID

The Client ID field in Budibase should be the same ID as you gave the Client in Keycloak earlier.

Client Secret

You can find the Client Secret from the Credentials tab in the Client Configuration screen

Configuration URL

Visit the 'Realms' pane from the left hand side of your Keycloak admin console. Then click on the OpenID Endpoint Configuration link and copy the URL that opens.

When you sign in to budibase, you will be presented with the budibase portal. Depending on your user role, you will see either the admin portal, development portal or the standard portal.

Admin Portal

Admin users have access to all of the functions of the budibase portal, such as user and OAuth administration, email templates and organisation level settings. Admins can also build, deploy and manage applications.

See the Admin section of the docs to find out more about the different admin features of budibase!

Development Portal

Developers can build, deploy and manage applications. They do not have access to any of the admin configuration sections of the portal.

Standard Portal

In the standard portal. You can only see the list of deployed applications that you have access to. You will not see the user administration options, dev apps or deployment options that are available in development or admin mode. The standard portal acts as a landing page or dashboard for users to use budibase apps created by builder users.

Budibase provides some options for configuring your user account. Access the user settings menu by clicking on your profile dropdown in the top right of the builder.

Let's go through the options one by one.

Update User Information

Update your first and last name for your user account. This is useful for things like email templates within budibase, and will allow other people in your organisation to identify you.

Update Password

Here, you can update the password for your own user account.

Toggle Developer Mode (Builder/Admin Users Only)

As a builder/admin, you can switch between viewing the portal in developer mode and standard mode. Find out more about the different budibase portal modes.

Find out more about the budibase portal modes.

OpenID Connect

To become familiar with OpenID Connect in Budibase, see:

Configuration

Create the application

Create the budibase application in your Applications list.

Type 'openid connect' and select 'Openid Connect (OIDC)'

Give your application a name and save

Visit the 'SSO' tab and choose

• 'Application Type' = 'Web'

• 'Authentication Method' = 'POST'

Find your configuration details

Visit the 'SSO' tab in your application.

Client ID

Use the Client ID field as your Client ID in Budibase.

Client Secret

Use the Client Secret field as your Client ID in Budibase.

Configuration URL

Use the Issuer URL field to construct your Configuration URL in Budibase. e.g. https://{Issuer URL}/.well-known/openid-configuration

Add your callback URL

Visit the 'Configuration' tab in your application and enter your callback URL