Skip to main content

OAuth 2.0

Integrating your Web Server with an OAuth 2.0 provider such as Microsoft, Google, Auth0, or Okta enables secure single sign-on (SSO) for your users. This setup allows users to authenticate using their existing company credentials rather than managing additional passwords within Nectari.

To configure OAuth 2.0 authentication, you must register Nectari as an application with your provider and enter the necessary connection parameters in the Nectari Authentication settings. Each application and Add-in may require a specific redirect URL.

Common providors:

Registration steps

  1. Log in to your OAuth provider’s admin portal.
  2. Register a new application or client (follow the provider's documentation for this process).
  3. Enter the necessary Redirect URLs (provided in Nectari’s Authentication screen) for both the Web Server and the Excel Add-in, if applicable.
  4. Collect the required parameters as listed above.
  5. Log in to Nectari.
  6. In the navigation panel, select the gear icon to open Administration.
  7. Select Security, then Authentication.
  8. Create a new OAuth 2.0 provider entry using these values.

For a full step-by-step example, see OAuth 2.0 Configuration Example

note

Nectari and Excel Add-in each have specific Redirect URLs. Register both URLs as authorized redirect URIs with your provider so that users can sign in to both components.

Required parameters

ParameterDescription
Client IDIdentifies Nectari as a registered application to the OAuth provider and builds login URLs.
Client SecretSecures client authentication between your Web Server and the OAuth provider.
Authorization EndpointDirects users to the provider’s login, allowing consent and returning an authorization code to the server.
Token EndpointIssues an access token to Nectari in exchange for a valid authorization code.
User Info EndpointSupplies user profile data that can be mapped to Nectari user accounts after successful login.
ScopesDefines and limits what user account information Nectari can access; scopes prompt user consent.
Discovery Endpoint(Optional) Provides metadata for the OAuth provider and facilitates automated configuration.