Control user access using OpenID Connect - AppSheet Help

You can use any authentication provider that supports the standard OpenID Connect protocol to control authentication and user access control for your apps. SkiptomaincontentControluseraccessusingOpenIDConnect YoucanuseanyauthenticationproviderthatsupportsthestandardOpenIDConnectprotocoltocontrolauthenticationanduseraccesscontrolforyourapps. OpenIdConnectisessentiallytheOAuth2protocolwithstandardizeddefinitionsforthescopesandbehaviors.MostmodernauthenticationproviderslikeOktasupportthisprotocol. Youwillhavetogothroughsomestandardstepsintheprovider'sadminconsoletodefineanapp (thistellstheproviderthatAppSheetisgoingtobeaccessingit)andgetanappkeyandsecret.ThesewillneedtobeenteredintoyourAppSheetaccount. Step1:Registeranapp withtheOpenIDConnectprovider Thespecificsofthisvarybyprovider.Typically,theproviderhasanadminconsolewhereyouwouldcreateanewapp.  Givetheappanamethatismeaningfultoyou,likeAppSheetAccess orAcmeCorpFieldService.  You'llbepromptedforacallbackURL.ThecallbackURLsshouldbesetto: https://www.appsheet.com/Account/ELC andhttp://localhost:53519/Account/ELC,separatedbyacommaandaspace.ItisimportanttogettheseURLscorrectwiththerightcapitalization.Also,pleasenotethatthesecondcallbackURLisstrictlynotrequired;itwouldonlybenecessaryifyourequestedustodebugyourapplicationinthefuture. Ifthereisascope option,thevalueshouldbeopenid. Theprovidershouldgiveyouakey(orclientid)andasecretforthisapp.Makesuretocopytheseasyouwillneedtheminthenextstep. Step2:ConfigureyourAppSheetaccount Nowthatyouhavesetupyourprovider,youneedtoregisteritinyourAppSheetaccount. SignintoAppSheet. GotoMyaccount>Integrations>AuthDomains. Click+NewAuthDomain.  TheAddanewauthenticationdomaindialogdisplays. Enteranamefortheauthsource. Select OpenIDConnect.Youarepromptedforthefollowinginputs: App/clientkey/id:CliendIDvalueyoucopiedinstep1. App/clientsecret:Clientsecretvalueyoucopiedinstep1. Authendpoint:Dependsontheprovider.Forexample,forOktaitis: https://{yourOktaDomain}/oauth2/v1/authorize Tokenendpoint:Dependsontheprovider.Forexamle,forOkta itis:https://{yourOktaDomain}/oauth2/v1/token Scope:Almostalwaysthisshouldbesetto: openidprofileemail  WerecommendthatyouyourefertotheOpenIDConnectorprovider documentationtoensurethatyouconfigurethiscorrectly,especiallytheauthandtokenendpoints.Forexample,forOkta,see: https://developer.okta.com/docs/api/resources/oidc/#response-properties Step3:Usethenewauthdomaininyourapps Youcannowusethisdomainauthsourceinyourapps.SeeSetupdomainauthenticationinyourapp. Wasthishelpful?Howcanweimproveit?YesNoSubmittrueDomainintegrationDomainintegration:TheEssentialsUsedomaingroupsascustomrolesinyourapplicationsControluseraccessusingActiveDirectoryControluseraccessusingAWSCognitoControluseraccessusingGoogleCloudControluseraccessusingOktaControluseraccessusingOpenIDConnectSearchClearsearchClosesearchGoogleappsMainmenuSearchHelpCenterfalse