Setting up single-sign on (SSO) for your app
With SSO, your team can log in to your Base44 app using accounts from platforms like Google, Microsoft, GitHub, or Okta. This makes login faster and more secure removing the need to manage separate passwords.
Before you start
Here’s a quick thing you’ll want to do in Base44 before setting up your identity provider (IdP):Find your Base44 app ID
You’ll need your app ID to complete SSO setup. Here’s how to find it:- Open your app in the Base44 editor.
-
Look at the browser URL. It should look like this:
-
The string after
/apps/and before/editor/is your app ID. In this example: -
You’ll use this ID to build your redirect URI. Replace the APP_ID in the link below with your actual Base44 app ID.
In this example, your redirect URI would be:Make sure to replace the APP_ID with your actual Base44 app ID. Click here to find your Base44 app ID.
What’s a discovery URL?
A discovery URL is a link that tells Base44 how to connect to your identity provider. It helps Base44 automatically find the right settings, like where to send users to log in and where to get their info after they do. You’ll only need to use this with some providers:- For Google, you don’t need to do anything. Base44 handles it automatically behind the scenes.
- For Microsoft (Azure) and Okta, your provider will give you a discovery URL. You’ll just need to copy it and paste it into the Discovery URL field in your Base44 SSO settings.
- If you’re using GitHub, you can leave the discovery URL field blank as it’s not needed.
Select your identity provider to get started:
Set up SSO with Google
Go to: Google Cloud consoleIn the left menu, click "APIs & services", then "Credentials"
Click "Create credentials" → Create OAuth 2.0 client ID
Choose "Web application"
Set a name
Scroll down to "Authorized redirect URIs"
Click on “Add URI” and enter your redirect URI:Head over to "Data access" and "Scopes"
Select the required scopes:During the OAuth consent screen setup, you’ll see a section to “Add or remove scopes.”Use the search bar to find and select the following:
openidhttps://www.googleapis.com/auth/userinfo.email
Copy the "client ID" and "client secret"
Paste these details into your Base44 app settings
- Head over to Base44 and select your app
- Go to your Workspace
- Click on Settings
- Click on Authentication
- Select “Single sign-on (SSO)”
- Enter the “client ID” and “client secret”
You're all set!
Set up SSO with Microsoft
(Azure / Entra ID) Go to the Azure portalClick Azure Active Directory → App registrations → New registration
Name your app and choose the appropriate account type.
Enter your "Redirect URI"
Go to "Certificates and secrets" and select "New client secret"
Go to API permissions and add the scopes
In API permissions, add the following scopes:emailopenidprofileUser.Read
Copy the "client ID," "client secret," and discovery URL
- Single tenant: use your Azure tenant-specific URL
-
Multi-tenant or customer: use this
Paste these details into your Base44 app settings
- Head over to Base44 and select your app
- Go to your **Workspace **
- Click on Settings
- Click on Authentication
- Select “Single sign-on (SSO)”
- Enter the “client ID” and “client secret”
You're all set!
Set up SSO with GitHub
Go to GitHub Developer SettingsUnder "OAuth apps", click "NewAuth App"
Fill out the form and click on "Register application" when finished
- Application name: e.g. “Base44 login”
- Authorization callback URL:
Copy the "client ID" and "client secret"
Paste this information in your Base44 app settings
- Head over to Base44 and select your app
- Go to your**Workspace **
- Click on Settings
- Click on Authentication
- Select “Single sign-on (SSO)”
- Enter the “client ID” and “client secret”
You're all set!
Set up SSO with Okta
Go to your Okta admin dashboard
https://<your-okta-domain>.okta.com/adminGo to Applications → Applications, then click "Create app integration"
Inside "Create a new app integration" choose the following settings
Choose:- OIDC - OpenID Connect
- Web application
- Click “Next”
In the app settings
- App name: YourApp Okta Login
-
Sign-in redirect URI:
-
Add the following scopes
After creating the app, copy these down
- Client ID
- Client secret
- Issuer URL (this becomes your discovery URL)
Paste this information into your Base44 app settings
- Head over to Base44 and select your app
- Go to your **Workspace **
- Click on Settings
- Click on Authentication
- Select “Single sign-on (SSO)”
- Enter the “client ID,” “client secret” and “discovery URL”
You're all set!
After setup: How to test SSO
Once everything is saved:- Log out of your app (if you’re logged in).
- Go to your app’s login screen.
- Click Log in with SSO (or the provider you connected).
- Try logging in with an email that matches your verified domain.
FAQ
Do I need to set up SSO if I only use one login?
Do I need to set up SSO if I only use one login?
Where do I find my Base44 app ID?
Where do I find my Base44 app ID?
https://app.base44.com/apps/686404784ac37377589a1f7f/editor/... The long string after /apps/ and before /editor/ is your app ID.What is a redirect URI and where do I use it?
What is a redirect URI and where do I use it?
What is a discovery URL? Do I need to add it?
What is a discovery URL? Do I need to add it?
What if I see an error when logging in?
What if I see an error when logging in?
- Your redirect URI exactly matches what you entered in your provider’s dashboard
- Your client ID, client secret, and (if applicable) discovery URL are correct
- The scopes you added include at least:
openidandemail