Notification

AppSheet will be conducting service maintenance starting Sunday, May 19th, 2024 at 12:00 PM (7:00 PM UTC) and completing no later than 4:00 PM PDT (11:00 PM UTC). Learn more

您请求访问的页面目前没有您的语言版本。您可以从页面底部选择其他语言,或使用 Google Chrome 的内置翻译功能将网页内容即时翻译成您选择的语言。

Control user access using OpenID Connect

You can use any authentication provider that supports the standard OpenID Connect protocol to control authentication and user access control for your apps.

OpenId Connect is essentially the OAuth2 protocol with standardized definitions for the scopes and behaviors. Most modern authentication providers like Okta support this protocol.  You will have to go through some standard steps in the provider's admin console to define an app (this tells the provider that AppSheet is going to be accessing it) and get an app key and secret. These will need to be entered into your AppSheet account.

Step 1 : Register an app with the OpenID Connect provider

The specifics of this vary by provider. Typically, the provider has an admin console where you would create a new app. 

  • Give the app a name that is meaningful to you, like AppSheet Access or Acme Corp Field Service. 

  • You'll be prompted for a callback URL. The callback URLs should be set to: https://www.appsheet.com/Account/ELC (global regions) or https://eu.appsheet.com/Account/ELC (European Union regions), and http://localhost:53519/Account/ELC, separated by a comma and a space. It is important to get these URLs correct with the right capitalization. Also, please note that the second callback URL is strictly not required; it would only be necessary if you requested us to debug your application in the future.

  • If there is a scope option, the value should be openid.

The provider should give you a key (or client id) and a secret for this app. Make sure to copy these as you will need them in the next step.

Step 2: Configure your AppSheet account

Now that you have set up your provider, you need to register it in your AppSheet account.

  1. Sign in to AppSheet.
  2. Go to My account > Integrations > Auth Domains.
  3. Click + New Auth Domain
    The Add a new authentication domain dialog displays.
  4. Enter a name for the auth source.
  5. Select OpenID Connect. You are prompted for the following inputs:
    • App/client key/id: Cliend ID value you copied in step 1.
    • App/client secret: Client secret value you copied in step 1.
    • Auth endpoint: Depends on the provider. For example, for Okta it is: https://{yourOktaDomain}/oauth2/v1/authorize
    • Token endpoint: Depends on the provider. For examle, for Okta it is: https://{yourOktaDomain}/oauth2/v1/token
    • Scope: Almost always this should be set to: openid profile email 
We recommend that you you refer to the OpenID Connector provider documentation to ensure that you configure this correctly, especially the auth and token endpoints. For example, for Okta, see: https://developer.okta.com/docs/api/resources/oidc/#response-properties

Step 3: Use the new auth domain in your apps

You can now use this domain auth source in your apps. See Set up domain authentication in your app.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Contact us Tell us more and we’ll help you get there
true
Search
Clear search
Close search
Main menu
9969986080977919419
true
Search Help Center
true
true
true
false
false