Before you start

Here’s a quick thing you’ll want to do in Base44 before setting up your identity provider (IdP):

Find your Base44 app ID

You’ll need your app ID to complete SSO setup. Here’s how to find it:
  1. Open your app in the Base44 editor.
  2. Look at the browser URL. It should look like this: 
    https://app.base44.com/apps/686404784ac37377589a1f7f/editor/...
  3. The string after /apps/ and before /editor/is your app ID. In this example: 
    686404784ac37377589a1f7f
  4. You’ll use this ID to build your redirect URI. Replace the APP_ID in the link below with your actual Base44 app ID. 
    https://app.base44.com/api/apps/{{APP_ID}}/auth/sso/callback
    Make sure to replace the APP_ID with your actual Base44 app ID. Click here to find your Base44 app ID.
    In this example, your redirect URI would be: 
    https://app.base44.com/api/apps/686404784ac37377589a1f7f/auth/sso/callback

What’s a discovery URL?

A discovery URL is a link that tells Base44 how to connect to your identity provider. It helps Base44 automatically find the right settings, like where to send users to log in and where to get their info after they do. You’ll only need to use this with some providers:
  • For Google, you don’t need to do anything. Base44 handles it automatically behind the scenes.
  • For Microsoft (Azure) and Okta, your provider will give you a discovery URL. You’ll just need to copy it and paste it into the Discovery URL field in your Base44 SSO settings.
  • If you’re using GitHub, you can leave the discovery URL field blank as it’s not needed.

Select your identity provider to get started:

Google

  • Set up SSO with Google accounts

Microsoft

  • Use Microsoft 365 or Entra ID for login

GitHub

  • Authenticate with GitHub accounts

Okta

  • Connect with your company’s Okta directory

Set up SSO with Google

Go to: Google Cloud console
1

In the left menu, click "APIs & services", then "Credentials"

2

Click "Create credentials" → Create OAuth 2.0 client ID

SSO Google1 Pn
3

Choose "Web application"

4

Set a name

5

Scroll down to "Authorized redirect URIs"

SSO Google2 PnClick on “Add URI” and enter your redirect URI:
https://app.base44.com/api/apps/{{APP_ID}}/auth/sso/callback
Make sure to replace the APP_ID with your actual Base44 app ID. Click here to find your Base44 app ID.
6

Head over to "Data access" and "Scopes"

SSO Google3 PnSelect the required scopes:During the OAuth consent screen setup, you’ll see a section to “Add or remove scopes.”
Use the search bar to find and select the following:
  • openid
  • https://www.googleapis.com/auth/userinfo.email
Then click Create.These scopes allow Base44 to identify the user and access their email address after login.
7

Copy the "client ID" and "client secret"

8

Paste these details into your Base44 app settings

SSO Google4 Pn
  1. Head over to Base44 and select your app
  2. Go to your Dashboard
  3. Click on Settings
  4. Click on Authentication
  5. Select “Single sign-on (SSO)”
  6. Enter the “client ID” and “client secret
9

You're all set!

Set up SSO with Microsoft

(Azure / Entra ID) Go to the Azure portal
1

Click Azure Active Directory → App registrations → New registration

SSO Microsoft1b Pn
2

Name your app and choose the appropriate account type.

SSO Microsoft2 Pn
3

Enter your "Redirect URI"

This is your redirect URI:
https://app.base44.com/api/apps/{{APP_ID}}/auth/sso/callback
Make sure to replace the APP_ID with your actual Base44 app id.
4

Go to "Certificates and secrets" and select "New client secret"

SSO Microsoft3 Pn
5

Go to API permissions and add the scopes

SSO Microsoft4 PnIn API permissions, add the following scopes:
  • email
  • openid
  • profile
  • User.Read
These allow Base44 to authenticate users and access their basic profile and email address
6

Copy the "client ID," "client secret," and discovery URL

  • Single tenant: use your Azure tenant-specific URL
  • Multi-tenant or customer: use this 
    https://login.microsoftonline.com/consumers/v2.0/.well-known/openid-configuration
7

Paste these details into your Base44 app settings

  1. Head over to Base44 and select your app
  2. Go to your Dashboard
  3. Click on Settings
  4. Click on Authentication
  5. Select “Single sign-on (SSO)”
  6. Enter the “client ID” and “client secret
8

You're all set!

Set up SSO with GitHub

Go to GitHub Developer Settings
1

Under "OAuth apps", click "NewAuth App"

SSO Git Hub1 Pn
2

Fill out the form and click on "Register application" when finished

SSO Git Hub2 Pn
  • Application name: e.g. “Base44 login”
  • Authorization callback URL:
https://app.base44.com/api/apps/{{APP_ID}}/auth/sso/callback
Make sure to replace the APP_ID with your actual Base44 app ID. Click here to find your Base44 app ID.
Click “Register application”
3

Copy the "client ID" and "client secret"

4

Paste this information in your Base44 app settings

SSO Git Hub3 Pn
  1. Head over to Base44 and select your app
  2. Go to your Dashboard
  3. Click on Settings
  4. Click on Authentication
  5. Select “Single sign-on (SSO)”
  6. Enter the “client ID” and “client secret
5

You're all set!

Set up SSO with Okta

1

Go to your Okta admin dashboard

https://<your-okta-domain>.okta.com/admin
2

Go to Applications → Applications, then click "Create app integration"

3

Inside "Create a new app integration" choose the following settings

SSO Okta1 PnChoose:
  • OIDC - OpenID Connect
  • Web application
  • Click “Next
4

In the app settings

  • App name: YourApp Okta Login
  • Sign-in redirect URI: SSO Okta2 Pn
  • Add the following scopes SSO Okta3 Pn
5

After creating the app, copy these down

  • Client ID
  • Client secret
  • Issuer URL (this becomes your discovery URL)
6

Paste this information into your Base44 app settings

SSO Okta4 Pn
  1. Head over to Base44 and select your app
  2. Go to your Dashboard
  3. Click on Settings
  4. Click on Authentication
  5. Select “Single sign-on (SSO)”
  6. Enter the “client ID,” “client secret” and “discovery URL
7

You're all set!

After setup: How to test SSO

Once everything is saved:
  1. Log out of your app (if you’re logged in).
  2. Go to your app’s login screen.
  3. Click Log in with SSO (or the provider you connected).
  4. Try logging in with an email that matches your verified domain.
If everything works, you’ll be logged into your app If something doesn’t work or you get an error, reach out to our support team, we’re here to help.

FAQ