OAuth 2.0
Integrating Nectari with an OAuth 2.0 provider—such as Microsoft, Google, Auth0, or Okta—enables secure single sign-on (SSO) for your users. This setup lets users to authenticate with their existing company credentials instead of creating separate passwords for Nectari.
To configure OAuth 2.0 authentication, register Nectari as an application with your provider and enter the required connection parameters in the Authentication page. Each application and add-in may require a specific redirect URLs.
For security and compliance reasons:
- Avoid multitenant configurations – use single‑tenant to reduce cross‑tenant access risks.
- Avoid using email as the user identifier – emails can change and may not be unique. Prefer claims such as
oidorsub.
Common providers
Registration steps
Nectari and the Excel Add-in each require specific redirect URLs. Register both URLs as authorized redirect URIs with your provider to allow users to sign in to both components.
- Log in to your OAuth provider’s admin portal.
- Register a new application or client (follow the provider's documentation for this process).
- Collect the required parameters as listed below.
- Log in to Nectari.
- In the navigation panel, select the gear icon to open Administration.
- Select Security, then Authentication.
- Create a new OAuth 2.0 provider entry using these values.
For a full configuration example, see OAuth 2.0 Configuration Example
Required parameters
| Parameter | Description |
|---|---|
| Client ID | Identifies Nectari as a registered application to the provider and builds login URLs. |
| Client Secret | Secures client authentication between Nectari and the OAuth provider. |
| Authorization Endpoint | Directs users to the provider’s login for consent and returns an authorization code. |
| Token Endpoint | Issues an access token to Nectari in exchange for a valid authorization code. |
| User Info Endpoint | Supplies user profile data to be mapped to Nectari accounts after successful login. |
| Scopes | Defines and limits what user account information Nectari can access; scopes prompt user consent. |
| Discovery Endpoint | (Optional) Provides metadata for the OAuth provider and helps automated configuration. |